[Openid-specs-mobile-profile] claims request in CIBA
Axel.Nennker at telekom.de
Axel.Nennker at telekom.de
Tue Nov 22 17:28:29 UTC 2016
Hi,
Can the Client ask for "claims" in "OpenID Connect MODRNA Client initiated Backchannel Authentication Flow 1.0"?
This sentence seems to prohibit this:
"Authentication Requests are made using the MODRNA profile. Only the following parameters are taken into consideration in the Client initiated Backchannel Authentication flow. The rest of the request parameters defined in OAuth 2.0 [RFC6749] MUST be ignored by the Authorization Server. "
"the following parameters" are
scope, client_req_id, client_notification_endpoint, acr_values, login_hint_token, id_token_hint, login_hint and context (binding_message)
Can the Client ask e.g. for "claims" in CIBA?
Cheers
Axel
https://bitbucket.org/openid/mobile/raw/default/draft-mobile-authentication-01.txt
MODRNA adds these parameters to the authentication request of OpenID.core.
acr_values, login_hint and binding_message
OpenID.core parameters allows/requires the following parameters:
https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
scope, response_type, client_id, redirect_uri, state, response_mode, nonce, display, prompt, max_age, ui_locales, id_token_hint, login_hint, acr_values
and a bunch more like "claims".
CIBA:
https://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?Submit=Submit&format=ascii&mode=html&type=ascii&url=https://bitbucket.org/openid/mobile/raw/tip/draft-mobile-client-initiated-backchannel-authentication-01.xml?at=default
More information about the Openid-specs-mobile-profile
mailing list