Hi Gayan,
As I see, Denuwanthi is talking about the scenario where the grant type
does generate an ID token. In that case, we need to validate that generated
id token where we need to make sure the mandatory fields are there.
On Thu, Jul 6, 2017 at 9:55 AM, Gayan Gunawardana
On Thu, Jul 6, 2017 at 9:55 AM, Gayan Gunawardana wrote:
> Hi Sagara, Denuwanthi,
>
> There are many ways to write custom grant type. Even ClientCredentials
> grant type can be extended to custom grant type where do not need to think
> about ID token. If can you point to exact
Hi Sagara, Denuwanthi,
There are many ways to write custom grant type. Even ClientCredentials
grant type can be extended to custom grant type where do not need to think
about ID token. If can you point to exact example and explain the problem,
it would be great.
Thanks,
Gayan
On Tue, Jul 4,
Thank you Sagara for the response.
Yes, as you mentioned it means logical to use the server error response.
will proceed with that.
Thanks,
On Tue, Jul 4, 2017 at 7:08 PM, Sagara Gunathunga wrote:
>
>
> On Tue, Jul 4, 2017 at 6:54 PM, Denuwanthi De Silva
On Tue, Jul 4, 2017 at 6:54 PM, Denuwanthi De Silva
wrote:
> Hi,
>
> In OIDC spec,following claims are mentioned as mandatory.
> -iss
> -sub
> -aud
> -exp
> -iat
>
> Currently as mentioned in jira [1], it is possible to write custom OAuth2
> grant type which returns IDToken