openid / connect / issues / #610 - Messages - 2.1.2 Authorization Request - id_token error condition needed — Bitbucket

Issue #610 wontfix

Nat Sakimura created an issue 2012-07-01

In 2.1.2, it is defined as:

id_token OPTIONAL. An ID Token passed to the Authorization server as a hint about the user's current or past authenticated session with the client. This SHOULD be present if prompt=none is sent.

We need to specify the behavior of the IdP for each prompt type.

Case 1: the user specified via id_token and the only user at the IdP matches
Case 2: the user specified via id_token is one of the current user at the IdP.
Case 3: the user specified via id_token and the user at the IdP does not match
Case 4: when there is no user at the IdP

Examples

E1: prompt=none + Case 2 => the user specified via id_token MUST be returned.
E2: prompt=login + Case 4 => Only the user specified in id_token is allowed for the successful authentication.
E3: prompt=login + Case 3 => Same as E2

etc.

Comments (3)

Michael Jones
- assigned issue to
  
  Nat Sakimura
- changed status to open
Nat will try to come up with a more concrete proposal
- 2012-07-02T23:42:56+00:00
Nat Sakimura reporter
On the hind sight, the error response is adequately written. It could be clearer but will become longer, and I think the current one is the right balance.
- 2012-08-30T13:11:35+00:00
Nat Sakimura reporter
- changed status to wontfix
- 2012-08-30T13:11:53+00:00
Log in to comment

Assignee: Nat Sakimura

Type: bug

Priority: major

Status: wontfix

Component: –

Milestone: –

Version: –

Votes: 0

Watchers: 0

Jira: the preferred issue tracker for Bitbucket. Join the team!