Messages 2.1.2.1.1.1 - Behavior when required claims unavailable underspecified
Per the mail thread "Definition of required and optional claims? Handling?", the intended behavior(s) when required claims are not present at the IdP or their release is not approved by the user is not fully specified.
Open questions are: What error should be returned? If login succeeds, is an ID Token returned indicating successful authentication, even in the case where required claims are not available? What is the division of responsibilities between the IdP and the RP?
Comments (4)
Account Deleted Henrik Biering: Proposal for informative text:
By requesting a claim as "essential" the client indicates to the user that populating these claims will ensure a smooth authorization for the specific task requested by the user.
As "voluntary" claims the client may request additional attributes that it requires for fulfilling other tasks offered to the applicable user class.
- changed status to resolved
Fix
#577 - Messages - Changed "optional" claim to "essential". Miscellaneous format change done to debug the compilation error.
IdP MUST NOT return error when the attribute request cannot be fulfilled.
Essential / Voluntary is a better description than Required / Optional.
Default is voluntary.
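
Because the IdP does not return an error when an essential claim cannot be supplied, the RP has to detect the gap itself. The sketch below is an added example, not part of this issue or of the specification text: it assumes the OpenID Connect `claims` request parameter syntax with `"essential": true`, an ID Token payload whose signature and standard claims were already validated, and hypothetical function names and sample values.

```python
import json

# Constructed sample "claims" request parameter sent by the RP.
# A member that is null or lacks "essential": true is voluntary (the default).
CLAIMS_REQUEST = json.dumps({
    "id_token": {
        "email": {"essential": True},
        "phone_number": {"essential": True},
        "nickname": None,
        "picture": {"essential": False},
    }
})

def essential_claims(claims_request_json, section="id_token"):
    """Return the claim names marked essential in one section of the request."""
    wanted = json.loads(claims_request_json).get(section) or {}
    return {
        name for name, spec in wanted.items()
        if isinstance(spec, dict) and spec.get("essential") is True
    }

def missing_essential(claims_request_json, returned_claims, section="id_token"):
    """Essential claims that were requested but are absent or null in the response."""
    return sorted(
        name for name in essential_claims(claims_request_json, section)
        if returned_claims.get(name) is None
    )

def rp_decision(claims_request_json, id_token_claims):
    """Hypothetical RP policy: authentication succeeded either way; the RP
    decides whether the requested task can proceed without the missing data."""
    missing = missing_essential(claims_request_json, id_token_claims)
    return {
        "authenticated": True,
        "task_allowed": not missing,
        "missing": missing,
    }

# Constructed, already-validated ID Token payload; the user did not release "email".
ID_TOKEN_CLAIMS = {
    "iss": "https://idp.example",
    "sub": "248289761001",
    "phone_number": "+1 555 0100",
}

if __name__ == "__main__":
    print(rp_decision(CLAIMS_REQUEST, ID_TOKEN_CLAIMS))
```
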