openid / connect / issues / #660 - Messages 2.1.2. Authorization Request - voluntary doesn't apply to scope=openid "user_id" claim — Bitbucket

Issue #660 resolved

Vladimir Dzhuvinov created an issue 2012-10-10

Under "scope" it says:

A space delimited, case sensitive list of ASCII string values. The values specify an additive list of voluntary Claims that are returned from the UserInfo Endpoint.

Section 2.3.2. UserInfo Response however implies that "user_id" is a REQUIRED (essential?) claim.

Comments (3)

Michael Jones
- assigned issue to
  
  Nat Sakimura
- edited description
The user_id claim is required by the protocol, and so must always be present. This is a greater requirement than being "essential".

We should read the spec to see if clarifications are needed in this regard.
- 2012-10-11T14:38:58+00:00
Michael Jones
- assigned issue to
  
  Michael Jones
- edited description
- 2012-12-10T23:16:29+00:00
Michael Jones
- changed status to resolved
Fixed ~~#660~~ - Clarifed that returning the "sub" value from the UserInfo endpoint is mandatory

→ <<cset 447b0124836d>>
- 2012-12-27T23:03:47+00:00
Log in to comment

Assignee: Michael Jones

Type: bug

Priority: minor

Status: resolved

Component: Messages

Milestone: –

Version: –

Votes: 0

Watchers: 0

Jira: the preferred issue tracker for Bitbucket. Join the team!