[Openid-specs-ab] UserInfo endpoint: How to respond on invalid / deleted user?

Vladimir Dzhuvinov vladimir at connect2id.com
Tue Mar 17 12:53:11 UTC 2020


Suggestions how to respond when the UserInfo is called with a valid
access token, but the subject has been deleted or invalidated after the
original authZ / token refresh?

The current Core spec addresses only the bearer token error cases:

https://openid.net/specs/openid-connect-core-1_0.html#UserInfoError


Thanks,

Vladimir


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4007 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20200317/53bda922/attachment.p7s>


More information about the Openid-specs-ab mailing list