[Openid-specs-mobile-profile] #31 how to react if login_hint AND login_hint_token are provided?

Joerg.Connotte at telekom.de Joerg.Connotte at telekom.de
Fri Jul 21 13:11:41 UTC 2017

Hi all,

I added a paragraph to the definition of login_hint_token in section 3 of openid-connect-modrna-authentication-1_0.xml
to specify throwing an invalid_request error  if more than one 'hint' parameter is present.

   login_hint_token  OPTIONAL.  This is a new parameter.  The
      login_hint_token is used to transport a user identifier from the
      Discovery Service to the OpenID Provider without revealing this
      identifier to the client.  Section 6 specifies the structure of
      this parameter.  Protection of the login_hint_token's content is
      specified in Section 6.1.

      Only one of "login_hint_token", "id_token_hint" or "login_hint" is
      allowed.  If more than one of those parameters are present in the
      authentication request the server MUST return an "invalid_request"


Deutsche Telekom AG
Group Innovation+ / Products & Innovation
Jörg Connotte
Technology / Demand Management
T-Online-Allee 1, 64295 Darmstadt
+49 6151 583-7614 (Tel.)
+49 160 957-76201 (Mobil)
E-Mail: joerg.connotte at telekom.de<mailto:j.connotte at telekom.de>

Life is for sharing.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20170721/0ba0e0f5/attachment-0001.html>

More information about the Openid-specs-mobile-profile mailing list