-
assigned issue to
- edited description
Messages 2.1.2. Authorization Request - voluntary doesn't apply to scope=openid "user_id" claim
Issue #660
resolved
Under "scope" it says:
A space delimited, case sensitive list of ASCII string values. The values specify an additive list of voluntary Claims that are returned from the UserInfo Endpoint.
Section 2.3.2. UserInfo Response however implies that "user_id" is a REQUIRED (essential?) claim.
Comments (3)
-
-
-
assigned issue to
- edited description
-
assigned issue to
-
- changed status to resolved
Fixed
#660- Clarifed that returning the "sub" value from the UserInfo endpoint is mandatory→ <<cset 447b0124836d>>
- Log in to comment
The user_id claim is required by the protocol, and so must always be present. This is a greater requirement than being "essential".
We should read the spec to see if clarifications are needed in this regard.