[Openid-specs-mobile-profile] #31 how to react if login_hint AND login_hint_token are provided?
Joerg.Connotte at telekom.de
Joerg.Connotte at telekom.de
Fri Jul 21 13:11:41 UTC 2017
Hi all,
I added a paragraph to the definition of login_hint_token in section 3 of openid-connect-modrna-authentication-1_0.xml
to specify throwing an invalid_request error if more than one 'hint' parameter is present.
login_hint_token OPTIONAL. This is a new parameter. The
login_hint_token is used to transport a user identifier from the
Discovery Service to the OpenID Provider without revealing this
identifier to the client. Section 6 specifies the structure of
this parameter. Protection of the login_hint_token's content is
specified in Section 6.1.
Only one of "login_hint_token", "id_token_hint" or "login_hint" is
allowed. If more than one of those parameters are present in the
authentication request the server MUST return an "invalid_request"
error.
KR
Jörg
Deutsche Telekom AG
Group Innovation+ / Products & Innovation
Jörg Connotte
Technology / Demand Management
T-Online-Allee 1, 64295 Darmstadt
+49 6151 583-7614 (Tel.)
+49 160 957-76201 (Mobil)
E-Mail: joerg.connotte at telekom.de<mailto:j.connotte at telekom.de>
www.telekom.com<http://www.telekom.com/>
Life is for sharing.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20170721/0ba0e0f5/attachment-0001.html>
More information about the Openid-specs-mobile-profile
mailing list