[Openid-specs-mobile-profile] login_hint behaviour

Torsten Lodderstedt torsten at lodderstedt.net
Fri Apr 24 20:17:59 UTC 2015


Hi Gonzalo,

I would suggest to ignore invalid login_hint values and prompt the user 
again. As the parameter name suggests, it is just a hint.

best regards,
Torsten.

Am 22.04.2015 um 13:38 schrieb GONZALO FERNANDEZ RODRIGUEZ:
> Hi guys,
>
>
> We are testing our IDGW and we have a doubt about the behaviour that 
> it should be have regarding the authentication in case of a login_hint 
> is provided in the authentication request. Anyone of you can help us 
> in this topic?
>
> If the MNO is not able to resolve who is the user which the login_hint 
> refers to, what should it do? Return an error or prompt the user to 
> introduce its MSISDN?. In case of asking the user for its MSISDN it 
> could happen that the MSISDN is not the same as the one referred by 
> the login_hint (from the Service Provider side).
>
> Best,
> Gonza.
>
>
> ------------------------------------------------------------------------
>
> Este mensaje y sus adjuntos se dirigen exclusivamente a su 
> destinatario, puede contener información privilegiada o confidencial y 
> es para uso exclusivo de la persona o entidad de destino. Si no es 
> usted. el destinatario indicado, queda notificado de que la lectura, 
> utilización, divulgación y/o copia sin autorización puede estar 
> prohibida en virtud de la legislación vigente. Si ha recibido este 
> mensaje por error, le rogamos que nos lo comunique inmediatamente por 
> esta misma vía y proceda a su destrucción.
>
> The information contained in this transmission is privileged and 
> confidential information intended only for the use of the individual 
> or entity named above. If the reader of this message is not the 
> intended recipient, you are hereby notified that any dissemination, 
> distribution or copying of this communication is strictly prohibited. 
> If you have received this transmission in error, do not read it. 
> Please immediately reply to the sender that you have received this 
> communication in error and then delete it.
>
> Esta mensagem e seus anexos se dirigem exclusivamente ao seu 
> destinatário, pode conter informação privilegiada ou confidencial e é 
> para uso exclusivo da pessoa ou entidade de destino. Se não é vossa 
> senhoria o destinatário indicado, fica notificado de que a leitura, 
> utilização, divulgação e/ou cópia sem autorização pode estar proibida 
> em virtude da legislação vigente. Se recebeu esta mensagem por erro, 
> rogamos-lhe que nos o comunique imediatamente por esta mesma via e 
> proceda a sua destruição
>
>
> _______________________________________________
> Openid-specs-mobile-profile mailing list
> Openid-specs-mobile-profile at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-mobile-profile

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20150424/b83380dd/attachment.html>


More information about the Openid-specs-mobile-profile mailing list