OP metadata should indicate if empty arrays are okay or not

Comments (8)

1. 

   Joseph Heenan reporter

   A related question, is it valid to have electronic_records when evidence_supporteddoes not contain electronic_record?

   • 2021-11-24T11:11:21+00:00
2. 

   Mark Haine

   • changed status to open

   • 2021-11-24T15:44:01+00:00
3. 

   Mark Haine

   • assigned issue to
     
     Mark Haine

   • 2021-11-24T15:44:20+00:00
4. 

   Joseph Heenan reporter

   A further twist I just noticed is that https://datatracker.ietf.org/doc/html/rfc8414#section-3.2 says:

     Claims that return multiple values are represented as JSON arrays.
     Claims with zero elements MUST be omitted from the response.
   

   So I’m not entirely sure that a zero element array is permitted.

   • 2021-11-25T16:29:38+00:00
5. 

   Kai Lehmann

   The OIDCD spec says the same: https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationResponse

   Claims that return multiple values are represented as JSON arrays. Claims with zero elements MUST be omitted from the response.

   • 2021-11-26T07:24:42+00:00
6. 

   Joseph Heenan reporter

   So here’s a summary of what’s in id3 that I think needs changing:

   evidence_supported - says ‘REQUIRED’ and ‘zero or more entries’, but as per rfc8414-3.2 empty arrays aren’t permitted, so this should be ‘optional’ and ‘1 or more members’.

   documents_supported - says 'REQUIRED when evidence_supported contains "document" or "id_document"' - I believe it should explicitly say '1 or more members'.

   documents_methods_supported - says ‘OPTIONAL'. Should probably explicit say ‘if present, must contain 1 or more members’.

   documents_validation_methods_supported - same as documents_methods_supported

   documents_verification_methods_supported - same as documents_methods_supported

   electronic_records_supported - says ‘REQUIRED when evidence_supported contains electronic_record’. I believe it should say ‘if present, must contain 1 or more members’

   claims_in_verified_claims_supported - says ‘REQUIRED’. I believe should say ‘must contain 1 or more members’.

   attachments_supported is a bit confusing currently - it says ‘REQUIRED when OP supports external attachments’ but I think ‘external’ wasn’t intended to be included there. I think it could be “OPTIONAL. If the OP supports attachments, it must include this with at least 1 member. Valid members are ‘external’ and ‘embedded’.”

   digest_algorithms_supported is probably okay, though for consistency with other members (and upstream standard, where REQUIRED is never indicated as a conditional) as it’s optional I think it be tagged as optional.

   ‌

   • 2022-01-12T19:21:24+00:00
7. 

   Mark Haine

   addressed in PR #103

   • 2022-01-14T09:06:46+00:00
8. 

   Mark Haine

   • changed status to resolved

   Resolved in PR #103

   • 2022-02-09T15:08:23+00:00
9. Log in to comment