Hi Yasas,

Can you mention which test is requiring it by default? And can we check why
the test is looking for it by default as the current implementation is
conforming to the OIDC spec.

> Time when the End-User authentication occurred. Its value is a JSON number
> representing the number of seconds from 1970-01-01T0:0:0Z as measured in
> UTC until the date/time. When a max_age request is made or when auth_time
> is requested as an Essential Claim, then this Claim is REQUIRED; otherwise,
> its inclusion is OPTIONAL.
>

Best Regards,
Janak

On Mon, Nov 16, 2020 at 12:57 PM Farasath Ahamed <farasa...@wso2.com> wrote:

>
> On Mon, Nov 16, 2020, 12:56 PM Yasas Ramanayake (Intern) <yas...@wso2.com>
> wrote:
>
>> Hi all,
>>
>> I'm in the process of fixing issue [1].
>> In our current implementation auth_time claim is sent in the ID token
>> only if it's requested by the client as an essential claim or when a
>> max_age request is made. However in one of the OIDC conformance suite test
>> cases they expect the ID token to have auth_time even without explicitly
>> requesting for it. Sending auth_time is optional according to specification
>> [2].
>>
>> We can consider this as an improvement to our implementation and add the
>> auth_time by default to the id_token. Please share if you have any
>> concerns/suggestions regarding this.
>>
>> [1] https://github.com/wso2/product-is/issues/10391
>> [2] https://openid.net/specs/openid-connect-core-1_0.html#IDToken
>>
>>
>> Regards,
>> --
>> Yasas Ramanayake | Intern -  Engineering | WSO2 Inc.
>> (m) +94717380767 | (w) +94115712082 | (e) yas...@wso2.com
>>
>>

-- 
*Janak Amarasena* | Senior Software Engineer | WSO2 Inc.
(m) +94777764144 | (w) +94112145345 | (e) ja...@wso2.com

_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
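
An added example, not part of the thread or of WSO2's code: a relying-party-side check in Python of the auth_time rule quoted from the OIDC spec above (REQUIRED when max_age is sent or auth_time is requested as an essential claim, otherwise OPTIONAL). The function names, the `skew` parameter and the sample timestamp are assumptions made for illustration.

```python
import json

NOW = 1605511620  # constructed sample "current time" in seconds since the epoch


def auth_time_required(request_params):
    """True when the quoted spec text makes auth_time REQUIRED for this request."""
    if request_params.get("max_age") is not None:
        return True
    raw = request_params.get("claims")
    if not raw:
        return False
    try:
        claims = json.loads(raw)
    except ValueError:
        return False
    id_token = claims.get("id_token") if isinstance(claims, dict) else None
    entry = id_token.get("auth_time") if isinstance(id_token, dict) else None
    # {"auth_time": null} is a voluntary request; only essential=true makes it REQUIRED.
    return isinstance(entry, dict) and entry.get("essential") is True


def check_auth_time(request_params, id_token_claims, now, skew=0):
    """Return a list of problems; an empty list means auth_time is acceptable."""
    auth_time = id_token_claims.get("auth_time")
    if auth_time is None:
        if auth_time_required(request_params):
            return ["auth_time missing but REQUIRED for this request"]
        return []  # OPTIONAL claim: its absence is conformant
    # Must be a JSON number; bool is an int subclass in Python, so reject it.
    if isinstance(auth_time, bool) or not isinstance(auth_time, (int, float)):
        return ["auth_time is not a JSON number"]
    problems = []
    # Sanity check added for this example, not taken from the quoted text.
    if auth_time > now + skew:
        problems.append("auth_time is in the future")
    max_age = request_params.get("max_age")
    if max_age is not None and now - auth_time > int(max_age) + skew:
        problems.append("authentication older than max_age")
    return problems
```

A client that accepts the first case (no max_age, no essential request, no auth_time) stays compatible with both the current behaviour described in the thread and the proposed default.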