Re: [Dev] Handling required claims in ID Token

Hi Gayan, As I see, Denuwanthi is talking about the scenario where the grant type does generate an ID token. In that case, we need to validate that generated id token where we need to make sure the mandatory fields are there. On Thu, Jul 6, 2017 at 9:55 AM, Gayan Gunawardana

Re: [Dev] Handling required claims in ID Token

On Thu, Jul 6, 2017 at 9:55 AM, Gayan Gunawardana wrote: > Hi Sagara, Denuwanthi, > > There are many ways to write custom grant type. Even ClientCredentials > grant type can be extended to custom grant type where do not need to think > about ID token. If can you point to exact

Re: [Dev] Handling required claims in ID Token

Hi Sagara, Denuwanthi, There are many ways to write custom grant type. Even ClientCredentials grant type can be extended to custom grant type where do not need to think about ID token. If can you point to exact example and explain the problem, it would be great. Thanks, Gayan On Tue, Jul 4,

Re: [Dev] Handling required claims in ID Token

Thank you Sagara for the response. Yes, as you mentioned it means logical to use the server error response. will proceed with that. Thanks, On Tue, Jul 4, 2017 at 7:08 PM, Sagara Gunathunga wrote: > > > On Tue, Jul 4, 2017 at 6:54 PM, Denuwanthi De Silva

Re: [Dev] Handling required claims in ID Token

On Tue, Jul 4, 2017 at 6:54 PM, Denuwanthi De Silva wrote: > Hi, > > In OIDC spec,following claims are mentioned as mandatory. > -iss > -sub > -aud > -exp > -iat > > Currently as mentioned in jira [1], it is possible to write custom OAuth2 > grant type which returns IDToken

[Dev] Handling required claims in ID Token

Hi, In OIDC spec,following claims are mentioned as mandatory. -iss -sub -aud -exp -iat Currently as mentioned in jira [1], it is possible to write custom OAuth2 grant type which returns IDToken without "sub" claim. When we handle this scenario, there is a small concern that need to be