Per the mail thread "Definition of required and optional claims? Handling?", the intended behavior(s) when required claims are not present at the IdP or their release is not approved by the user is not fully specified.
Open questions are: What error should be returned? If login succeeds, is an ID Token returned indicating successful authentication, even in the case where required claims are not available? What is the division of responsibilities between the IdP and the RP?