[Openid-specs-ab] Issue #998: subject_types_supported - should or must? (openid/connect)

Vladimir Dzhuvinov issues-reply at bitbucket.org
Wed Aug 10 14:34:09 UTC 2016


New issue 998: subject_types_supported - should or must?
https://bitbucket.org/openid/connect/issues/998/subject_types_supported-should-or-must

Vladimir Dzhuvinov:

Today an OIDC developer (https://twitter.com/leleuj) informed me about a discrepancy in the OIDC spec regarding the **subject_types_supported** OP metadata parameter:

Core says  

http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes

> The OpenID Provider's Discovery document SHOULD list its supported Subject Identifier types in the subject_types_supported element.

Discovery however says that this parameters is required:

https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata

> subject_types_supported
    REQUIRED. JSON array containing a list of the Subject Identifier types that this OP supports. Valid types include pairwise and public. 






More information about the Openid-specs-ab mailing list