[Openid-specs-mobile-profile] claims request in CIBA

GONZALO FERNANDEZ RODRIGUEZ gonzalo.fernandezrodriguez at telefonica.com
Wed Nov 23 07:37:27 UTC 2016


I agree,

If nobody disagree I will add it.

Best,
Gonza.




On 23/11/16 08:25, "Openid-specs-mobile-profile on behalf of Torsten Lodderstedt" <openid-specs-mobile-profile-bounces at lists.openid.net on behalf of torsten at lodderstedt.net> wrote:

>Hi Axel,
>
>I think that should be possible. In my opinion, any function/parameter not directly bound to managing/securing the OIDC front channel communication should be allowed/supported in/by SIBA.
>
>best regards,
>Torsten.
>
>> Am 22.11.2016 um 18:28 schrieb <Axel.Nennker at telekom.de> <Axel.Nennker at telekom.de>:
>> 
>> Hi,
>> 
>> Can the Client ask for "claims" in "OpenID Connect MODRNA Client initiated Backchannel Authentication Flow 1.0"?
>> 
>> This sentence seems to prohibit this:
>> "Authentication Requests are made using the MODRNA profile. Only the following parameters are taken into consideration in the Client initiated Backchannel Authentication flow. The rest of the request parameters defined in OAuth 2.0 [RFC6749] MUST be ignored by the Authorization Server. "
>> 
>> "the  following parameters" are
>> scope, client_req_id, client_notification_endpoint, acr_values, login_hint_token, id_token_hint, login_hint and context (binding_message)
>> 
>> Can the Client ask e.g. for "claims" in CIBA?
>> 
>> Cheers
>> Axel
>> 
>> https://bitbucket.org/openid/mobile/raw/default/draft-mobile-authentication-01.txt   
>> MODRNA adds these parameters to the authentication request of OpenID.core.
>> acr_values, login_hint and binding_message
>> 
>> OpenID.core parameters allows/requires the following parameters:
>> https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest  
>> scope, response_type, client_id, redirect_uri, state, response_mode, nonce, display, prompt, max_age, ui_locales, id_token_hint, login_hint, acr_values
>> and a bunch more like "claims".
>> 
>> CIBA:
>> https://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?Submit=Submit&format=ascii&mode=html&type=ascii&url=https://bitbucket.org/openid/mobile/raw/tip/draft-mobile-client-initiated-backchannel-authentication-01.xml?at=default
>> 
>> 
>> _______________________________________________
>> Openid-specs-mobile-profile mailing list
>> Openid-specs-mobile-profile at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-mobile-profile
>
>_______________________________________________
>Openid-specs-mobile-profile mailing list
>Openid-specs-mobile-profile at lists.openid.net
>http://lists.openid.net/mailman/listinfo/openid-specs-mobile-profile


More information about the Openid-specs-mobile-profile mailing list