Re: [Dev] Need to change the type of some variables to make the Identity Server, OIDC compliant.

2017-09-20 Thread Dinusha Senanayaka 
Even though it's a spec violation (that we have made), there can be current
production applications which they cannot change or need complete process
to change them. In such scenario, migration to new IS version will be
blocked, even they having other needs of migrating to new version. Also as
a best practice migrations in middle layer should not cause changes to end
applications. If we keep a property, it will be helpful to handle such
situations right. Anyway, yeah agree that if it's a rare scenario we can
ignore it.

Regards,
Dinusha

On Wed, Sep 20, 2017 at 2:01 PM, Sagara Gunathunga  wrote:

>
>
> On Wed, Sep 20, 2017 at 1:44 PM, Johann Nallathamby 
> wrote:
>
>> I would like to see others comments also.
>>
>> Since this is a spec violation do we need to be backward compatible? I
>> would say we don't have to be. But I know we can have users who want like
>> it to be a breaking change. So it's important what other IAM members think.
>>
>
> I have 2 points on this
>
> 1. According  to OIDC spec this is a bug so we have to fix it.
>
> 2. The real meaning of  backward compatibility through  a property is,
>  there is a mode that IS continues to return a invalid  content.  IMO it's
> ok to break the clients who depend on invalid content, when they upgrade to
> newer version  of IS they have to change those logic as migration step.
>
> Thanks !
>
>>
>> If we need to have a property we can have a blanket property for all such
>> backward incompatible changes in IS 5.4.0 and allow the user to configure,
>> without having one property for each change.
>>
>> Regards,
>> Johann.
>>
>> On Wed, Sep 20, 2017 at 1:40 PM, Dinusha Senanayaka 
>> wrote:
>>
>>> Yes, this can break existing clients which has parsed current id_token
>>> and using these two values. One option is to introduce a new config to keep
>>> the old format of id_token and if the config value is switched, we support
>>> for the new format which is compliance for OIDC specification. We can
>>> deprecate supporting for old format after few releases.
>>>
>>> Regards,
>>> Dinusha
>>>
>>> On Wed, Sep 20, 2017 at 9:26 AM, Hasini Witharana 
>>> wrote:
>>>
 Hi,

 OIDC test suite has been updated and now new issues have come in basic
 profile (where response_type=code). The issues are given below.

 1. OP-scope-email
  In here email_verified is returned as a string in id_token and it
 should be a boolean value.

 2. OP-scope-phone
  In here phone_number_verified is returned as a string in id_token
 and it should be a booleanvalue.

 If we change these parameters to return boolean values, will the
 existing users get effected by that?

 Thank you.
 --

 *Hasini Witharana*
 Software Engineering Intern | WSO2


 *Email : hasi...@wso2.com *

 *Mobile : +94713850143 <071%20385%200143>[image:
 http://wso2.com/signature] *

>>>
>>>
>>>
>>> --
>>> Dinusha Dilrukshi
>>> Technical Lead
>>> WSO2 Inc.: http://wso2.com/
>>> Mobile: +94764069991 <+94%2076%20406%209991>
>>> Blog: http://dinushasblog.blogspot.com/
>>>
>>
>>
>>
>> --
>> Thanks & Regards,
>>
>> *Johann Dilantha Nallathamby*
>> Senior Lead Solutions Engineer
>> WSO2, Inc.
>> lean.enterprise.middleware
>>
>> Mobile - *+9476950*
>> Blog - *http://nallaa.wordpress.com *
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Sagara Gunathunga
>
> Director; WSO2, Inc.;  http://wso2.com
> V.P Apache Web Services;http://ws.apache.org/
> Linkedin; http://www.linkedin.com/in/ssagara
> Blog ;  http://ssagara.blogspot.com
>
>


-- 
Dinusha Dilrukshi
Technical Lead
WSO2 Inc.: http://wso2.com/
Mobile: +94764069991
Blog: http://dinushasblog.blogspot.com/
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Need to change the type of some variables to make the Identity Server, OIDC compliant.

2017-09-20 Thread Sagara Gunathunga 
On Wed, Sep 20, 2017 at 1:44 PM, Johann Nallathamby  wrote:

> I would like to see others comments also.
>
> Since this is a spec violation do we need to be backward compatible? I
> would say we don't have to be. But I know we can have users who want like
> it to be a breaking change. So it's important what other IAM members think.
>

I have 2 points on this

1. According  to OIDC spec this is a bug so we have to fix it.

2. The real meaning of  backward compatibility through  a property is,
 there is a mode that IS continues to return a invalid  content.  IMO it's
ok to break the clients who depend on invalid content, when they upgrade to
newer version  of IS they have to change those logic as migration step.

Thanks !

>
> If we need to have a property we can have a blanket property for all such
> backward incompatible changes in IS 5.4.0 and allow the user to configure,
> without having one property for each change.
>
> Regards,
> Johann.
>
> On Wed, Sep 20, 2017 at 1:40 PM, Dinusha Senanayaka 
> wrote:
>
>> Yes, this can break existing clients which has parsed current id_token
>> and using these two values. One option is to introduce a new config to keep
>> the old format of id_token and if the config value is switched, we support
>> for the new format which is compliance for OIDC specification. We can
>> deprecate supporting for old format after few releases.
>>
>> Regards,
>> Dinusha
>>
>> On Wed, Sep 20, 2017 at 9:26 AM, Hasini Witharana 
>> wrote:
>>
>>> Hi,
>>>
>>> OIDC test suite has been updated and now new issues have come in basic
>>> profile (where response_type=code). The issues are given below.
>>>
>>> 1. OP-scope-email
>>>  In here email_verified is returned as a string in id_token and it
>>> should be a boolean value.
>>>
>>> 2. OP-scope-phone
>>>  In here phone_number_verified is returned as a string in id_token
>>> and it should be a booleanvalue.
>>>
>>> If we change these parameters to return boolean values, will the
>>> existing users get effected by that?
>>>
>>> Thank you.
>>> --
>>>
>>> *Hasini Witharana*
>>> Software Engineering Intern | WSO2
>>>
>>>
>>> *Email : hasi...@wso2.com *
>>>
>>> *Mobile : +94713850143 <071%20385%200143>[image:
>>> http://wso2.com/signature] *
>>>
>>
>>
>>
>> --
>> Dinusha Dilrukshi
>> Technical Lead
>> WSO2 Inc.: http://wso2.com/
>> Mobile: +94764069991 <+94%2076%20406%209991>
>> Blog: http://dinushasblog.blogspot.com/
>>
>
>
>
> --
> Thanks & Regards,
>
> *Johann Dilantha Nallathamby*
> Senior Lead Solutions Engineer
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile - *+9476950*
> Blog - *http://nallaa.wordpress.com *
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Sagara Gunathunga

Director; WSO2, Inc.;  http://wso2.com
V.P Apache Web Services;http://ws.apache.org/
Linkedin; http://www.linkedin.com/in/ssagara
Blog ;  http://ssagara.blogspot.com
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Need to change the type of some variables to make the Identity Server, OIDC compliant.

2017-09-20 Thread Johann Nallathamby 
I would like to see others comments also.

Since this is a spec violation do we need to be backward compatible? I
would say we don't have to be. But I know we can have users who want like
it to be a breaking change. So it's important what other IAM members think.

If we need to have a property we can have a blanket property for all such
backward incompatible changes in IS 5.4.0 and allow the user to configure,
without having one property for each change.

Regards,
Johann.

On Wed, Sep 20, 2017 at 1:40 PM, Dinusha Senanayaka 
wrote:

> Yes, this can break existing clients which has parsed current id_token and
> using these two values. One option is to introduce a new config to keep the
> old format of id_token and if the config value is switched, we support for
> the new format which is compliance for OIDC specification. We can deprecate
> supporting for old format after few releases.
>
> Regards,
> Dinusha
>
> On Wed, Sep 20, 2017 at 9:26 AM, Hasini Witharana 
> wrote:
>
>> Hi,
>>
>> OIDC test suite has been updated and now new issues have come in basic
>> profile (where response_type=code). The issues are given below.
>>
>> 1. OP-scope-email
>>  In here email_verified is returned as a string in id_token and it
>> should be a boolean value.
>>
>> 2. OP-scope-phone
>>  In here phone_number_verified is returned as a string in id_token
>> and it should be a booleanvalue.
>>
>> If we change these parameters to return boolean values, will the existing
>> users get effected by that?
>>
>> Thank you.
>> --
>>
>> *Hasini Witharana*
>> Software Engineering Intern | WSO2
>>
>>
>> *Email : hasi...@wso2.com *
>>
>> *Mobile : +94713850143 <071%20385%200143>[image:
>> http://wso2.com/signature] *
>>
>
>
>
> --
> Dinusha Dilrukshi
> Technical Lead
> WSO2 Inc.: http://wso2.com/
> Mobile: +94764069991 <+94%2076%20406%209991>
> Blog: http://dinushasblog.blogspot.com/
>



-- 
Thanks & Regards,

*Johann Dilantha Nallathamby*
Senior Lead Solutions Engineer
WSO2, Inc.
lean.enterprise.middleware

Mobile - *+9476950*
Blog - *http://nallaa.wordpress.com *
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Need to change the type of some variables to make the Identity Server, OIDC compliant.

2017-09-20 Thread Dinusha Senanayaka 
Yes, this can break existing clients which has parsed current id_token and
using these two values. One option is to introduce a new config to keep the
old format of id_token and if the config value is switched, we support for
the new format which is compliance for OIDC specification. We can deprecate
supporting for old format after few releases.

Regards,
Dinusha

On Wed, Sep 20, 2017 at 9:26 AM, Hasini Witharana  wrote:

> Hi,
>
> OIDC test suite has been updated and now new issues have come in basic
> profile (where response_type=code). The issues are given below.
>
> 1. OP-scope-email
>  In here email_verified is returned as a string in id_token and it
> should be a boolean value.
>
> 2. OP-scope-phone
>  In here phone_number_verified is returned as a string in id_token and
> it should be a booleanvalue.
>
> If we change these parameters to return boolean values, will the existing
> users get effected by that?
>
> Thank you.
> --
>
> *Hasini Witharana*
> Software Engineering Intern | WSO2
>
>
> *Email : hasi...@wso2.com *
>
> *Mobile : +94713850143 <071%20385%200143>[image:
> http://wso2.com/signature] *
>



-- 
Dinusha Dilrukshi
Technical Lead
WSO2 Inc.: http://wso2.com/
Mobile: +94764069991
Blog: http://dinushasblog.blogspot.com/
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] Need to change the type of some variables to make the Identity Server, OIDC compliant.

2017-09-19 Thread Hasini Witharana 
Hi,

OIDC test suite has been updated and now new issues have come in basic
profile (where response_type=code). The issues are given below.

1. OP-scope-email
 In here email_verified is returned as a string in id_token and it
should be a boolean value.

2. OP-scope-phone
 In here phone_number_verified is returned as a string in id_token and
it should be a booleanvalue.

If we change these parameters to return boolean values, will the existing
users get effected by that?

Thank you.
-- 

*Hasini Witharana*
Software Engineering Intern | WSO2


*Email : hasi...@wso2.com *

*Mobile : +94713850143[image: http://wso2.com/signature]
*
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev