[Openid-specs-ab] [Bitbucket] Issue #878: Messages 2.1.1.1 Define "negative response" for id_token_hint (openid/connect)

Torsten Lodderstedt torsten at lodderstedt.net
Thu Oct 24 06:44:43 UTC 2013


Makes sense



Mike Jones <Michael.Jones at microsoft.com> schrieb:
>Servers should have the option to use the more specific error, when
>appropriate.
>
>                                                            -- Mike
>
>From: Torsten Lodderstedt [mailto:torsten at lodderstedt.net]
>Sent: Wednesday, October 23, 2013 10:34 PM
>To: Mike Jones; openid-specs-ab at lists.openid.net
>Subject: Re: [Openid-specs-ab] [Bitbucket] Issue #878: Messages 2.1.1.1
>Define "negative response" for id_token_hint (openid/connect)
>
>Why not just use the error "interaction required"? This seems
>appropriate to me since it is the common denominator for all errors you
>listed.
>
>
>Mike Jones
><Michael.Jones at microsoft.com<mailto:Michael.Jones at microsoft.com>>
>schrieb:
>o   changed status to
>open<https://bitbucket.org/openid/connect/issues?status=open>
>
>In his review, Brian Campbell pointed out that errors other than
>login_required are likely appropriate in some failing prompt=none
>cases, for instance interaction_required, consent_required., and
>session_selection_required He proposed that we generalize the text
>accordingly. I think he's right.
>
>We could either go back to just saying that an error is returned, or we
>could strike a middle ground by saying that an error is returned, and
>that it will typically be from among the set defined in
>http://openid.net/specs/openid-connect-core-1_0-14.html#AuthError, such
>as "login_required". I think I prefer the latter approach.
>
>
>From: Vladimir Dzhuvinov [mailto:issues-reply at bitbucket.org]
>Sent: Wednesday, October 09, 2013 11:19 PM
>To: Mike Jones
>Subject: Re: [Bitbucket] Issue #878: Messages 2.1.1.1 Define "negative
>response" for id_token_hint (openid/connect)
>
>
>[vdzhuvinov]
>
>Vladimir Dzhuvinov commented on issue #878:
>
>Messages 2.1.1.1 Define "negative response" for
>id_token_hint<https://bitbucket.org/openid/connect/issue/878/messages-2111-define-negative-response-for>
>
>
>Thanks Mike, thanks Nat. We'll now make sure we use login_required for
>the negative condition.
>
>
>
>
>View this
>issue<https://bitbucket.org/openid/connect/issue/878/messages-2111-define-negative-response-for>
>or add a comment by replying to this email.
>
>
>Unwatch this
>issue<https://bitbucket.org/openid/connect/issue/878/unwatch/mbj/08d4d7c609cd15137b7cf789fa281a14811a6705/>
>to stop receiving email updates.
>
>
>
>[Bitbucket]<https://bitbucket.org>
>
>
>
>
>
>
>________________________________
>
>Openid-specs-ab mailing list
>Openid-specs-ab at lists.openid.net<mailto:Openid-specs-ab at lists.openid.net>
>http://lists.openid.net/mailman/listinfo/openid-specs-ab
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20131024/16db4a08/attachment.html>


More information about the Openid-specs-ab mailing list