openid / connect / issues / #439 - Messages - 2.1.2 Why no user_id in the possible request param? — Bitbucket

Issue #439 resolved

Nat Sakimura created an issue 2011-12-19

If there is no user_id in the request, 2.1.4 Authz Error response "user_mismatched" does not make sense.

Thus, user_id should be one of the possible request param.

{{{ user_id An identifier assigned by the Server to identify the end user at this client. }}}

Comments (3)

John Bradley
I think that was from session management.

I agree that at this point user mismatch without the ability to request a user is unlikely.

Passing the user in the request object is a possibility.

I don't think it is worth adding it to the simple directed flow.
- 2011-12-19T19:41:54+00:00
Michael Jones
- assigned issue to
  
  John Bradley
This could be added, but should be restricted in scope to restrict the query to a specific user. We SHOULD NOT define anything about requesting things for users other than the End-User.
- 2011-12-19T23:44:17+00:00
John Bradley
- changed status to resolved
Fixes ~~#439~~ Sec 2.1.2.1.2 Added user_id claim and moved iso29115 to claims element of id_token member

→ 6c36295699e6
- 2011-12-20T19:55:04+00:00
Log in to comment

Assignee: John Bradley

Type: bug

Priority: major

Status: resolved

Component: –

Milestone: –

Version: –

Votes: 0

Watchers: 0

Jira: the preferred issue tracker for Bitbucket. Join the team!