[Openid-specs-mobile-profile] Issue #192: Inconsistent description of mandatory data in Issuer request (openid/mobile)

pabloge issues-reply at bitbucket.org
Tue Aug 25 12:31:41 UTC 2020


New issue 192: Inconsistent description of mandatory data in Issuer request
https://bitbucket.org/openid/mobile/issues/192/inconsistent-description-of-mandatory-data

Pablo Guijarro:

In section 2.2 POST-based flow, it reads:

_\(A\) In contrast to the web-based flow, the RP typically provides data \(MNC/MCC,IMSI, or MSISDN\) to determine the user's MNO to the discovery process. The service tries to determine the MNO based on this data. **If this data is not present, the discovery service attempts to determine the MNO based on the RP's IP address.** If that fails, the discovery process fails._

However, in section 3.2.1. \(Issuer\) Request, the “data not present” scenario does not seem to be allowed, because it states:

_Either code, mcc, imsi, or msisdn must be present in the request._

I guess the latter should be modified to consider the option not to include any data, hoping for MNO resolution based on IP address to be possible.




More information about the Openid-specs-mobile-profile mailing list