openid / mobile / issues / #164 - Validate login_hint — Bitbucket

Issue #164 resolved

Christopher Vivek Vinushanth created an issue 2019-09-27

What will be the error response we need to send back when there is no such user registered in Identity Server, as mentioned in login_hint? And can we provide auth_req_id without validating login_hint[even there is no user]?

Comments (3)

Brian Campbell
What will be the error response we need to send back when there is no such user registered in Identity Server, as mentioned in login_hint?

unknown_user_id

And can we provide auth_req_id without validating login_hint[even there is no user]?

no (well, you could if you wanted/needed to return a auth_req_id that would just timeout so as not to give the client a clear indication of whether an account exists)
- 2019-09-27T12:24:48+00:00
Christopher Vivek Vinushanth reporter
Thank you !.
- 2019-10-06T18:55:14+00:00
Christopher Vivek Vinushanth reporter
- changed status to resolved
Resolved.
- 2019-10-06T18:55:59+00:00
Log in to comment

Assignee: –

Type: enhancement

Priority: trivial

Status: resolved

Component: CIBA

Milestone: CIBA Implementer's Draft

Votes: 0

Watchers: 0

Jira: the preferred issue tracker for Bitbucket. Join the team!