[Openid-specs-ab] [Bitbucket] Issue #878: Messages 2.1.1.1 Define "negative response" for id_token_hint (openid/connect)

Vladimir Dzhuvinov / NimbusDS vladimir at nimbusds.com
Thu Oct 24 08:22:52 UTC 2013


Thank you guys for going through this. +1 for the second approach -
using the "interaction required" group of errors.

--
Vladimir Dzhuvinov : www.NimbusDS.com : vladimir at nimbusds.com



-------- Original Message --------
Subject: Re: [Openid-specs-ab] [Bitbucket] Issue #878: Messages 2.1.1.1
Define "negative response" for id_token_hint (openid/connect)
From: Mike Jones <Michael.Jones at microsoft.com>
Date: Thu, October 24, 2013 7:18 am
To: Torsten Lodderstedt <torsten at lodderstedt.net>,
"openid-specs-ab at lists.openid.net" <openid-specs-ab at lists.openid.net>

   Servers should have the option to use the more specific error, when
appropriate.
  
                                                             -- Mike
  
   From: Torsten Lodderstedt [mailto:torsten at lodderstedt.net] 
 Sent: Wednesday, October 23, 2013 10:34 PM
 To: Mike Jones; openid-specs-ab at lists.openid.net
 Subject: Re: [Openid-specs-ab] [Bitbucket] Issue #878: Messages 2.1.1.1
Define "negative response" for id_token_hint (openid/connect)
 

 
 Why not just use the error "interaction required"? This seems
appropriate to me since it is the common denominator for all errors you
listed.
  
 
 Mike Jones <Michael.Jones at microsoft.com> schrieb:
  o   changed status to open 
 In his review, Brian Campbell pointed out that errors other than
login_required are likely appropriate in some failing prompt=none cases,
for instance interaction_required, consent_required., and
session_selection_required He proposed that we generalize the text
accordingly. I think he's right.
 We could either go back to just saying that an error is returned, or we
could strike a middle ground by saying that an error is returned, and
that it will typically be from among the set defined in 
http://openid.net/specs/openid-connect-core-1_0-14.html#AuthError, such
as "login_required". I think I prefer the latter approach.
  
   From: Vladimir Dzhuvinov [mailto:issues-reply at bitbucket.org] 
 Sent: Wednesday, October 09, 2013 11:19 PM
 To: Mike Jones
 Subject: Re: [Bitbucket] Issue #878: Messages 2.1.1.1 Define "negative
response" for id_token_hint (openid/connect)
 

 
                  
       Vladimir Dzhuvinov commented on issue #878: 
     Messages 2.1.1.1 Define "negative response" for id_token_hint 
     Thanks Mike, thanks Nat. We'll now make sure we use login_required
for the negative condition. 
        
    
     View this issue or add a comment by replying to this email. 
    
 
        Unwatch this issue to stop receiving email updates. 
   
   
    
    
    
  
  
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-specs-ab 

_______________________________________________
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-specs-ab


More information about the Openid-specs-ab mailing list