[Openid-specs-ab] Essential claims with the scope value openid

John Bradley ve7jtb at ve7jtb.com
Tue Aug 8 15:09:39 UTC 2017



One School of thought (GDPR) is that you can only ask for claims that are required.   That is why it is essential as all are required.  

The openID scope should only return subject and issuer.   You need to ask for the specific claims that you want if you don't want all the claims in a scope like profile.  

So it sounds like a bug in the test.  

John B.  

On Aug 8, 2017 7:49 AM, "Hasini Witharana" <hasinidilanka at gmail.com <mailto:hasinidilanka at gmail.com>> wrote:
Hi,

Currently I am working with OpenID Connect Certification basic profile. In the OP, I have configured some claims to be gained when the scope is openid. When I send a authorization request with  an essential claim I will get all claims for openid and the essential claim. In the specifications there is no, rule as It should return only the essential claim. "OP-claims-essential" test is failing because unexpected claims are returned. Can you please clarify this issue?

-- 
Hasini Witharana
Undergraduate | Department of Computer Science and Engineering
University of Moratuwa
Linkedin <https://www.linkedin.com/in/hasini-witharana-185785109/>

_______________________________________________
specs mailing list
specs at lists.openid.net <mailto:specs at lists.openid.net>
http://lists.openid.net/mailman/listinfo/openid-specs <http://lists.openid.net/mailman/listinfo/openid-specs>





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20170808/6026b107/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4383 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20170808/6026b107/attachment.p7s>


More information about the Openid-specs-ab mailing list