Per the mail thread "Definition of required and optional claims? Handling?", the intended behavior when required claims are not present at the IdP, or when their release is not approved by the user, is not fully specified.

Open questions are: What error should be returned? If login succeeds, is an ID Token returned indicating successful authentication, even in the case where required claims are not available? What is the division of responsibilities between the IdP and the RP?

  1. Nat Sakimura

    IdP MUST NOT return error when the attribute request cannot be fulfilled.

    Essential / Voluntary is a better description than Required / Optional.

    Default is voluntary.

  2. Former user Account Deleted

    Henrik Biering: Proposal for informative text:

    By requesting a claim as "essential" the client indicates to the user that populating these claims will ensure a smooth authorization for the specific task requested by the user.

    As "voluntary" claims the client may request additional attributes that it requires for fulfilling other tasks offered to the applicable user class.
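The following is an added illustration of the division of responsibilities discussed in this thread; it is not code from the thread or from any OpenID implementation. It uses the `claims` request parameter layout where a claim is marked `{"essential": true}` or left as `null` (voluntary, the default), a simulated OP that omits rather than errors on claims it cannot release (Nat's position above), and an RP that still treats the login as successful and decides for itself what to do about missing essential claims. The user record, consent set and client identifiers are constructed sample data.

```python
import json
from urllib.parse import parse_qs, urlencode

# Constructed sample: the attributes the OP holds for the End-User.
# Note that "phone_number" is deliberately absent.
OP_USER_RECORD = {
    "sub": "248289761001",
    "email": "jane@example.com",
    "email_verified": True,
    "given_name": "Jane",
}
# Constructed sample: claims the End-User agreed to release at the consent screen.
USER_CONSENTED = {"sub", "email", "email_verified"}


def build_claims_param(essential, voluntary):
    """RP side: build the `claims` request parameter.

    Essential claims carry {"essential": true}; voluntary claims are the
    default and are written as null. Returns the JSON string placed in the
    authorization request.
    """
    userinfo = {name: {"essential": True} for name in essential}
    userinfo.update({name: None for name in voluntary})
    return json.dumps({"userinfo": userinfo})


def build_authz_query(client_id, redirect_uri, claims_param):
    """RP side: query string of a code-flow authorization request."""
    return urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid",
        "claims": claims_param,
    })


def op_userinfo(query_string, user_record, consented):
    """OP side: fulfil the claims request as far as possible.

    A claim that is not on file, or that the End-User did not release, is
    simply omitted from the response. The OP does not turn an unfulfillable
    request into an error, regardless of whether the claim was essential.
    """
    params = parse_qs(query_string)
    requested = json.loads(params.get("claims", ["{}"])[0]).get("userinfo", {})
    response = {"sub": user_record["sub"]}  # sub is always returned
    for name in requested:
        if name in user_record and name in consented:
            response[name] = user_record[name]
    return response


def rp_evaluate(claims_param, userinfo_response):
    """RP side: authentication succeeded; classify what was not returned.

    The RP, not the OP, decides how to handle the gap: collect the essential
    data itself, or refuse the specific task, but not the login.
    """
    requested = json.loads(claims_param)["userinfo"]

    def is_essential(spec):
        return bool(spec) and spec.get("essential") is True

    missing_essential = sorted(
        n for n, spec in requested.items()
        if is_essential(spec) and n not in userinfo_response)
    missing_voluntary = sorted(
        n for n, spec in requested.items()
        if not is_essential(spec) and n not in userinfo_response)
    return {
        "authenticated": True,
        "missing_essential": missing_essential,
        "missing_voluntary": missing_voluntary,
        "next_step": "collect_missing_claims" if missing_essential else "proceed",
    }


def run_exchange():
    """Run the RP -> OP -> RP round trip on the constructed sample data."""
    claims_param = build_claims_param(
        essential=["email", "phone_number"],
        voluntary=["given_name", "email_verified"])
    query = build_authz_query("s6BhdRkqt3", "https://rp.example.org/cb", claims_param)
    userinfo = op_userinfo(query, OP_USER_RECORD, USER_CONSENTED)
    return rp_evaluate(claims_param, userinfo)


if __name__ == "__main__":
    print(json.dumps(run_exchange(), indent=2))
```

Running it, the OP releases `sub`, `email` and `email_verified`; the RP sees `phone_number` (essential, not on file) and `given_name` (voluntary, not consented) as missing, reports the user as authenticated, and chooses to collect the missing essential claim itself rather than treating the authorization as failed.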

