We should either add a comment to section 3 login_hint_token parameter or to section 6 explaining the precedence of login_hint_token over login_hint if both are present. e.g.:
"If both login_hint_token an login_hint are present in the authentication request login_hint is ignored."
Alternatively an invalid request error could be thrown.
According to meeting on July 12th 2017:
I will amend the authentication spec with a passage that there must be an invalid request error if login_hint and login_hint_token are both present in the request.
I added a paragraph to the definition of login_hint_token in section 3 of openid-connect-modrna-authentication-1_0.xml
to specify behaviour if more than one hint parameter is present.
login_hint_token OPTIONAL. This is a new parameter. The
login_hint_token is used to transport a user identifier from the
Discovery Service to the OpenID Provider without revealing this
identifier to the client. Section 6 specifies the structure of
this parameter. Protection of the login_hint_token's content is
specified in Section 6.1.
Only one of "login_hint_token", "id_token_hint" or "login_hint" is
allowed. If more than one of those parameters are present in the
authentication request the server MUST return an "invalid_request"