Section 8: Example responses: Issues and comments
Issue #1271
resolved
After updating the OAuth / OIDC SDK to the latest draft 12 the new examples were made part of the automated tests. This revealed several issues when parsing the example responses JSON in section 8. Some of the encountered issues may need to be addressed in the spec itself. I will create separate tickets for those.
There appear to be two ways to get the response to parse successfully:
- Change the evidence type to the deprecated
id_documentevidence (now it’sdocument). -
Or change it so that it parses as the new
documentevidence (see spec):- The ID card details go into a
document_detailselements (now it’sdetails). - The document
numberbecomesdocument_number,serial_numberorperson_number.
- The ID card details go into a
- Change the
documentelement todocument_details.
- The
created_atin the example1979-01-22doesn’t fit the expected timestamp format.
created_at: OPTIONAL. The time the record was created as ISO 8601:2004 [ISO8601-2004]YYYY-MM-DDThh:mm[:ss]TZDformat.
- The
assurance_levelset toal_2is not in the registry, it looks likeal2was intended here. - The
place_of_birth.countryclaim uses a three letter code. According to the spec the code must be 2 or 4 letters. - There are decimal HTML entities in the
place_of_birth.locality. See the JSON RFC for the standard string encoding.
- The
voucherelement contains thegiven_nameandfamily_nameparameters. According to the spec those should be communicated in thenameparameter. - The
place_of_birth.countryclaim uses a three letter code. According to the spec the code must be 2 or 4 letters.
- According to the spec the issuer country code
ITAshould be communicated in thecountry_codeparameter. - The
place_of_birth.countryclaim uses a three letter code. According to the spec the code must be 2 or 4 letters.
https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1_0-master.html#section-8.3
https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1_0-master.html#section-8.4
https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1_0-master.html#section-8.6
https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1_0-master.html#section-8.7
https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1_0-master.html#section-8.8
"address": {
"locality": "Maxstadt",
"postal_code": "12344",
"country": "DE",
"street_address": "An der Weide 22"
}
"address": {
"locality": "Karlstad",
"postal_code": "65344",
"country": "SWE",
"street_address": "Gatunamn 221b"
}
"address": {
"locality": "Imola BO",
"postal_code": "40026",
"country": "ITA",
"street_address": "Viale Dante Alighieri, 26"
}
There are 9 example responses where a country code appears to be communicated in the address.country claim, defined in OIDC Core as “country name”. At the same time there are two examples where address.country is set to Monaco and UK. The address.country_code claim introduced by the eKYC spec appears the most appropriate here, with its purpose to identify a country in a way that is unambiguous and interoperable.
https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1_0-master.html#section-8.2
https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1_0-master.html#section-8.5
The place_of_birth.country claim where a country code is expected is set to UK (which is not a valid two-letter country ISO code).
Comments (6)
-
-
reporter
Hi Mark,
This appears in the definition of the claim:
https://openid.net/specs/openid-connect-4-identity-assurance-1_0.html#section-4.1
country: String representing country in [ISO3166-1] Alpha-2 (e.g., DE) or [ISO3166-3] syntax.Since Alpha-3 isn't explicitly mentioned, our reading was that the possible values are Alpha-2 codes and the 4-letter codes for former countries (e.g. CZHH).
-
reporter
A note that should the
check_methodPR gets merged virtually all of the examples will get affected. -
PR #87 has been merged
-
@Vladimir Dzhuvinov Has PR #87 solved this issue?
-
reporter
- changed status to resolved
I'm closing this issue. We'll plug the new examples into the OIDC SDK and if something comes up I'll file a fresh ticket. Thanks!
- Log in to comment
specifically on the
place_of_birth.countryclaim - where does it say the code must be 2 or 4 letters - I don’t believe that was the intent and the three letter examples are correct.