Messages: Deprecated terminology in 5.1.3. Parameter Verification
Issue #678
resolved
I noticed that section 5.1.3. Parameter Verification, pt. 3 (ACR claim) still uses the deprecated terms "required" / "optional" claim instead of the new "essential" / "voluntary".
Comments (5)
reporter - changed title to Messages: Deprecated terminology in 5.1.3. Parameter Verification
- changed status to open
Valid issue
- changed status to resolved
Fixed
#678 - Messages - Changed 5.1.3 terminology of acr to reflect essential vs required and fixed example → <<cset 840bdffc4c3c>>
Suggested rewrite:
If the acr Claim is requested as an essential Claim in the id_token member with values as a parameter, the Authorization Server MUST return an acr Claim value that matches one of the requested values. The Authorization Server MAY ask the user to re-authenticate with additional factors to meet the requirements. If this is an essential Claim and the requirement cannot be met, then the Authorization Server MUST return an error. The Client MAY make this Claim voluntary by including "essential": false in the acr Claim request. If the Claim is voluntary and the requested value for the user cannot be provided, the Authorization Server SHOULD return the session's current acr as the value of the acr Claim. If the Claim is voluntary, the Authorization Server is not required to provide this Claim in its response.
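The essential / voluntary decision described in the suggested rewrite, sketched from the Authorization Server's side. This is an added example, not part of the issue thread or the specification; `resolve_acr`, `reachable_acrs`, `AcrRequirementNotMet` and the `urn:example:acr:*` values are hypothetical names and constructed sample data.

```python
import json

class AcrRequirementNotMet(Exception):
    """An essential acr request cannot be met: the AS must return an error."""

def resolve_acr(claims_param, session_acr, reachable_acrs=()):
    """Return (acr, reauth_needed) for the ID Token; acr None means omit the Claim.

    claims_param   -- JSON text of the request's "claims" parameter
    session_acr    -- acr of the user's current session, or None
    reachable_acrs -- hypothetical input: values the AS could reach by
                      re-authenticating the user with additional factors
    """
    claims = json.loads(claims_param) if claims_param else {}
    id_token = claims.get("id_token") or {}
    if "acr" not in id_token:
        return session_acr, False             # assumption: nothing to verify
    req = id_token["acr"] or {}               # "acr": null is a plain voluntary request
    essential = req.get("essential") is True  # absent or false means voluntary
    wanted = req.get("values") or []
    if not isinstance(wanted, list) or not all(isinstance(v, str) for v in wanted):
        raise ValueError("acr 'values' must be a list of strings")
    if not wanted or session_acr in wanted:   # no specific value asked, or already met
        return session_acr, False
    for value in wanted:                      # first requested value the AS can reach
        if value in reachable_acrs:
            return value, True
    if essential:
        raise AcrRequirementNotMet(f"none of {wanted} can be provided")
    return session_acr, False                 # voluntary: fall back to the session's acr

# Constructed sample values, not taken from the specification.
PWD, MFA = "urn:example:acr:password", "urn:example:acr:mfa"
ESSENTIAL = json.dumps({"id_token": {"acr": {"essential": True, "values": [MFA]}}})
VOLUNTARY = json.dumps({"id_token": {"acr": {"essential": False, "values": [MFA]}}})

if __name__ == "__main__":
    print(resolve_acr(ESSENTIAL, PWD, {MFA}))  # step-up satisfies the essential request
    print(resolve_acr(VOLUNTARY, PWD))         # voluntary: session acr is returned
    try:
        resolve_acr(ESSENTIAL, PWD)            # essential and unreachable
    except AcrRequirementNotMet as exc:
        print("error:", exc)
```

On the Client side, an essential request is only enforced if the returned ID Token's acr is checked against the requested values.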