Hi Joseph,

Yes, she raised the issue. Since I worked on OIDC compliance I initiated this mail thread. It would be okay to keep the discussion on the issue.

Thanks,
Hasini

On Mon, Jul 22, 2019 at 4:32 PM Joseph Heenan <[email protected]> wrote:

> Hi Hasini,
>
> We had what sounds like the same issue raised here this morning:
>
> https://gitlab.com/openid/conformance-suite/issues/567
>
> Are you linked with Sachini Siriwardene somehow?
>
> It would probably be good if we can keep all the discussion on the issue please.
>
> Thanks
>
> Joseph
>
> On 22 Jul 2019, at 10:43, Hasini Witharana <[email protected]> wrote:
>
> Hi All,
>
> The spec[1] has the below content.
>
>> Unless the Redirection URI is invalid, the Authorization Server returns the Client to the Redirection URI specified in the Authorization Request with the appropriate error and state parameters. Other parameters SHOULD NOT be returned.
>
> Here they have mentioned "SHOULD NOT" which means according to [2]
>
>> SHOULD NOT - This phrase, or the phrase "NOT RECOMMENDED" mean that there may exist valid reasons in particular circumstances when the particular behavior is acceptable or even useful, but the full implications should be understood and the case carefully weighed before implementing any behavior described with this label.
>
> Will it be a spec violation if we return more attributes in the error message? Moreover, we got OIDC spec compliancy, and when we were running the test suite there were no test failures for this matter even though we return some additional claims in the error response.
>
> We have developed oidc session management as well and we are returning the session_state in the error response as recommended in the spec[3].
>
> If it is not recommended to send more attributes in the error response what is the recommended way to handle the session_state parameter in an error response?
>
> Thank You.
> Hasini
>
> [1] - https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.1.2.6
> [2] - https://tools.ietf.org/html/rfc2119
> [3] - https://openid.net/specs/openid-connect-session-1_0.html
>
> --
> *Hasini Witharana*
> Graduate | Department of Computer Science and Engineering
> University of Moratuwa
> Linkedin <https://www.linkedin.com/in/hasini-witharana-185785109/>
_______________________________________________
specs mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-specs
