Messages: Deprecated terminology in 5.1.3. Parameter Verification

Issue #678 resolved
Vladimir Dzhuvinov
created an issue

I noticed that section 5.1.3. Parameter Verification, pt. 3 (ACR claim) still uses the deprecated terms "required" / "optional" claim instead of the new "essential" / "voluntary".

Comments (5)

  1. Vladimir Dzhuvinov reporter

    Suggested rewrite:

    If the acr Claim is requested as an essential Claim in the id_token member with values as a parameter, the Authorization Server MUST return an acr Claim value that matches one of the requested values. The Authorization server MAY ask the user to re-authenticate with additional factors to meet the requirements. If this is an essential Claim and the requirement cannot be met, then the Authorization Server MUST return an error. The Client MAY make this Claim voluntary by including "essential": false in the acr Claim request. If the Claim is voluntary and the requested value for the user cannot be provided, the Authorization server SHOULD return the session's current acr as the value of the acr Claim. If the Claim is voluntary, the Authorization server is not required to provide this Claim in its response.

  2. Log in to comment