Validate login_hint
Issue #164
resolved
What will be the error response we need to send back when there is no such user registered in Identity Server, as mentioned in login_hint? And can we provide auth_req_id without validating login_hint[even there is no user]?
Comments (3)
-
-
reporter Thank you !.
-
reporter - changed status to resolved
Resolved.
- Log in to comment
unknown_user_id
no (well, you could if you wanted/needed to return a auth_req_id that would just timeout so as not to give the client a clear indication of whether an account exists)