[Openid-specs-ab] Issue #1101: clarify expected OP behaviour upon unsupported prompt parameter value (openid/connect)
panva
issues-reply at bitbucket.org
Wed Aug 7 13:37:19 UTC 2019
New issue 1101: clarify expected OP behaviour upon unsupported prompt parameter value
https://bitbucket.org/openid/connect/issues/1101/clarify-expected-op-behaviour-upon
Filip Skokan:
Followup to [http://lists.openid.net/pipermail/openid-specs-ab/Week-of-Mon-20190805/007475.html](http://lists.openid.net/pipermail/openid-specs-ab/Week-of-Mon-20190805/007475.html)
What is the expected OP behaviour upon encountering an unsupported/invalid `prompt` parameter value? Error out or proceed and ignore the value?
What do existing implementations do today? I guess probably error \(render page, `invalid_request` or something proprietary\) but I did not do the due diligence to check.
My expectation is to error on unsupported values since not every `prompt` parameter value brings with it the “acknowledgement” in the form of a return parameter or claim inside the ID Token \(e.g. none, consent\)
More information about the Openid-specs-ab
mailing list