[Openid-specs-ab] [Bitbucket] Issue #878: Messages 2.1.1.1 Define "negative response" for id_token_hint (openid/connect)

Mike Jones Michael.Jones at microsoft.com
Thu Oct 24 06:18:26 UTC 2013


Servers should have the option to use the more specific error, when appropriate.

                                                            -- Mike

From: Torsten Lodderstedt [mailto:torsten at lodderstedt.net]
Sent: Wednesday, October 23, 2013 10:34 PM
To: Mike Jones; openid-specs-ab at lists.openid.net
Subject: Re: [Openid-specs-ab] [Bitbucket] Issue #878: Messages 2.1.1.1 Define "negative response" for id_token_hint (openid/connect)

Why not just use the error "interaction required"? This seems appropriate to me since it is the common denominator for all errors you listed.


Mike Jones <Michael.Jones at microsoft.com<mailto:Michael.Jones at microsoft.com>> schrieb:
o   changed status to open<https://bitbucket.org/openid/connect/issues?status=open>

In his review, Brian Campbell pointed out that errors other than login_required are likely appropriate in some failing prompt=none cases, for instance interaction_required, consent_required., and session_selection_required He proposed that we generalize the text accordingly. I think he's right.

We could either go back to just saying that an error is returned, or we could strike a middle ground by saying that an error is returned, and that it will typically be from among the set defined in http://openid.net/specs/openid-connect-core-1_0-14.html#AuthError, such as "login_required". I think I prefer the latter approach.


From: Vladimir Dzhuvinov [mailto:issues-reply at bitbucket.org]
Sent: Wednesday, October 09, 2013 11:19 PM
To: Mike Jones
Subject: Re: [Bitbucket] Issue #878: Messages 2.1.1.1 Define "negative response" for id_token_hint (openid/connect)


[vdzhuvinov]

Vladimir Dzhuvinov commented on issue #878:

Messages 2.1.1.1 Define "negative response" for id_token_hint<https://bitbucket.org/openid/connect/issue/878/messages-2111-define-negative-response-for>


Thanks Mike, thanks Nat. We'll now make sure we use login_required for the negative condition.




View this issue<https://bitbucket.org/openid/connect/issue/878/messages-2111-define-negative-response-for> or add a comment by replying to this email.


Unwatch this issue<https://bitbucket.org/openid/connect/issue/878/unwatch/mbj/08d4d7c609cd15137b7cf789fa281a14811a6705/> to stop receiving email updates.



[Bitbucket]<https://bitbucket.org>






________________________________

Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net<mailto:Openid-specs-ab at lists.openid.net>
http://lists.openid.net/mailman/listinfo/openid-specs-ab
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20131024/dc84cac6/attachment.html>


More information about the Openid-specs-ab mailing list