[Openid-specs-ab] scopes
hideki nara
hdknr at ic-tact.co.jp
Fri Aug 19 01:31:49 UTC 2011
John,
For simplicity in Lite, I think RP should passively accept claims in
the standard profile only the end user has permitted.
If there is no claim what RP expected in the UserInfo,
1) RP ask the end user to permit the claim at the OP and restart
OpenID Connect Lite.
or
2) RP starts new OpenID Connect Standard session with a Request Object.
Current scope things are bit difficult for me to implement.
----
hdknr
2011/8/2 John Bradley <ve7jtb at ve7jtb.com>:
> There are basically two options for scopes.
>
> Option 1
> openid id_token
> user-info default user info less email and address
> email email
> address address
>
> So to get just email & id_token you ask for "openid email"
>
>
> Option 2
> openid id_token & user-info less email & address
> email email
> address address
> no-default-information This in conjunction with openid would only give you the id_token info
>
> So to get just email & id_token you ask for "openid email no-default-information"
>
> Talking to Breno not asking for a access token doesn't look like a good option.
>
> We need to support asking for nothing or just email for some applications.
>
> John
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>
More information about the Openid-specs-ab
mailing list