[Openid-specs-ab] Handling of invalid claim values within claims request parameter
Kai Lehmann
kai.lehmann at 1und1.de
Thu Sep 28 13:06:36 UTC 2023
Hi,
The OIDCC spec allows RPs to request individual claims with the claims parameter:
https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests
I was wondering how strict the OP should be in handling invalid claim values within this request. For example:
{
  "first_name": "INVALID",
  "last_name": 5,
  "email": {
    "essential": "INVALID"
  }
}
My interpretation of “The member values MUST be one of the following …” would be that the claims request parameter would be invalid if it contained invalid member values and thus the server should reject the request with a redirect back to the RP’s provided redirect_uri with invalid_request error. Would a more relaxed parsing (ignoring invalid claim parameters) also be an option and still in accordance with the specification?
Best regards,
Kai
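
The two behaviours the question contrasts, as an added example that is not part of the original message or of any OP implementation. It checks one "userinfo" or "id_token" member object against the member-value rules of OIDC Core Section 5.5.1; the names check_claims and member_error are hypothetical, and dropping the whole offending member in relaxed mode is an assumption of this sketch, not something the specification states.

```python
import json

# Constructed sample: the member object from the message above, with ASCII quotes.
SAMPLE = '{"first_name": "INVALID", "last_name": 5, "email": {"essential": "INVALID"}}'


def member_error(value):
    """Return why a member value breaks Section 5.5.1, or None if it is acceptable."""
    if value is None:
        return None  # null: the claim is requested in the default manner
    if not isinstance(value, dict):
        return "must be null or a JSON object"
    if "essential" in value and not isinstance(value["essential"], bool):
        return "'essential' must be a boolean"
    if "values" in value and not isinstance(value["values"], list):
        return "'values' must be an array"
    return None  # members that are not understood are ignored, per the spec


def check_claims(raw, strict=True):
    """Validate one 'userinfo' or 'id_token' member object (hypothetical helper).

    Returns (accepted, error). accepted maps claim name to its request value;
    error is an OAuth-style error dict for the redirect, or None.
    """
    try:
        members = json.loads(raw)
    except json.JSONDecodeError:
        members = None
    if not isinstance(members, dict):
        return {}, {"error": "invalid_request",
                    "error_description": "claims is not a JSON object"}
    accepted, problems = {}, []
    for name, value in members.items():
        reason = member_error(value)
        if reason is None:
            accepted[name] = value
        else:
            problems.append(f"{name}: {reason}")
    if strict and problems:
        # Strict reading: one bad member invalidates the whole request.
        return {}, {"error": "invalid_request",
                    "error_description": "; ".join(problems)}
    return accepted, None  # relaxed reading: bad members were dropped


if __name__ == "__main__":
    print(check_claims(SAMPLE, strict=True))
    print(check_claims(SAMPLE, strict=False))
```

In relaxed mode an OP that logs the dropped members still gives the RP's developers a way to notice the malformed request.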