[OpenID-Specs-eKYC-IDA] Issue #1150: Purpose in claims request should be limited to only contain allowed characters (openid/ekyc-ida)
issues-reply at bitbucket.org
Thu Jan 16 11:18:03 UTC 2020
New issue 1150: Purpose in claims request should be limited to only contain allowed characters
In OIDC error\_description is limited to “Human-readable ASCII encoded text description of the error.”.
RFC6749 it’s even more restricted: “Values for the "error\_description" parameter MUST NOT include characters outside the set %x20-21 / %x23-5B / %x5D-7E.”
Something similar should be applied to **purpose** in claims requests as described in section 5.1 since it's expected to be shown to users.
More information about the Openid-specs-ekyc-ida