[openid-specs-rande] SAML to OIDC mapping specification
Etienne Dysli Metref
etienne.dysli-metref at switch.ch
Tue Mar 9 13:45:26 UTC 2021
On 09.03.21 12:47, Mischa Salle wrote:
>>> attribute names come through as snake_case from the JWT token in json.
>>
>> Where is it specified that JWT claim names have to be snake_cased?
>
> they don't have to, there is no spec demanding that.
Alan repeatedly implied that they must, so I was just debunking that.
> although I agree that there isn't a spec requiring the use of snake_case
> over camelCase, I think it does make sense that (lacking such spec) we
> look at what is commonly done for OIDC and JWTs in general.
> I think indeed that your suggestion of a vote is probably the best way
> at this moment, but it would be good to do that based on what we see is
> mostly done and as such it's good to have a number of examples.
> After making a decision, some implementation will need to change.
Well... yes and no! :)
Doing it what everybody else does isn't a valid argument, because the
majority isn't always right. On the other hand, having claim names
familiar to people using OIDC (i.e. snake_case) *is* a good argument. It
can be turned around in favour of names familiar to people using SAML,
however. (It depends who we want to convince with our specification.)
> It seems virtually all OIDF-based specs are using snake_case for the
> registered or to-be-registered claims but I don't know if that's policy
> or coincidence.
I'm curious to know as well. Thank you Davide for asking in the
AB/Connect WG. :)
Etienne
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openid.net/pipermail/openid-specs-rande/attachments/20210309/d0996840/attachment.asc>
More information about the openid-specs-rande
mailing list