types of several values in Authentication Request not defined

Issue #208 new
Joseph Heenan created an issue

In this section:

https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html#rfc.section.7.1

The types for several values seem to be left unstated. This probably doesn’t matter too much in unsigned requests, but does matter in signed requests.

For example, login_hint is presumably intended to be a string value. (The draft Brazil CIBA spec appears to define it as a JSON object instead.)

Comments (4)

  1. Brian Campbell

    Admittedly it’s not spec'd out in the best way but the next section 7.1.1. Signed Authentication Request makes it pretty clear that login_hint would be a string.

    https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html#rfc.section.7.1.1

    A signed authentication request is made by encoding all of the authentication request parameters as claims of a signed JWT with each parameter name as the claim name and its value as a JSON string. An exception to this is requested_expiry, which may be sent as either a JSON string or a JSON number, the OP must accept either type. An extension or profile may define additional authentication request parameters, these may be defined to be any JSON type.

  2. Joseph Heenan reporter

    Ahhh. Thanks Brian. I completely missed that part when I was trying to figure this out. That makes the behaviour very clear, thanks. As you hint at, it might be good to have it clearer in the previous section; perhaps we can consider that if there’s an errata version.
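    To make the rule quoted from section 7.1.1 above concrete, here is an added example (not code from the issue or from the CIBA spec) that type-checks the claims of a signed authentication request: core parameters must be JSON strings, requested_expiry may be a string or a number, and a login_hint sent as a JSON object is flagged. The set of core parameter names is taken from section 7.1 of the spec; the helper that builds an unsigned sample JWS exists only so the checker can be run offline.

```python
import base64
import json

# CIBA core authentication request parameters (section 7.1). Per section 7.1.1 every
# core parameter is carried in the signed request as a JSON string claim, except
# requested_expiry, which may be a JSON string or a JSON number.
STRING_ONLY = {
    "scope", "client_notification_token", "acr_values", "login_hint_token",
    "id_token_hint", "login_hint", "binding_message", "user_code",
}
STRING_OR_NUMBER = {"requested_expiry"}

def claim_type_errors(claims):
    """Return type violations in a decoded CIBA request payload (empty list = OK)."""
    # Unknown claims are ignored: an extension or profile may define them with any JSON type.
    errors = []
    for name, value in claims.items():
        if name in STRING_ONLY and not isinstance(value, str):
            errors.append(f"{name}: expected JSON string, got {type(value).__name__}")
        elif name in STRING_OR_NUMBER:
            # bool is a subclass of int in Python, so JSON true/false must be rejected explicitly.
            if isinstance(value, bool) or not isinstance(value, (str, int, float)):
                errors.append(f"{name}: expected JSON string or number, got {type(value).__name__}")
    return errors

def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def request_jwt_type_errors(compact_jws):
    """Decode the payload of a compact-serialised JWS and type-check its claims."""
    # Assumption: the caller has already verified the signature with a JOSE library;
    # this function inspects claim types only and verifies nothing.
    parts = compact_jws.split(".")
    if len(parts) != 3:
        raise ValueError("expected a three-part compact JWS")
    claims = json.loads(_b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload must be a JSON object")
    return claim_type_errors(claims)

def _b64url_encode(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_unsigned_sample(claims):
    """Constructed test fixture: an UNSIGNED compact JWS (alg none, empty signature)."""
    # Only for exercising the type checker offline; an OP must never accept such a request.
    return _b64url_encode({"alg": "none"}) + "." + _b64url_encode(claims) + "."
```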
