Closed mrpotes closed 7 years ago
This would be need_info. AS could not use what was provided by the client, and lists them under required_claims again. I think we should define any behaviour in the spec that raises a question and cannot be answered immediately.
I'm inclined to agree on both points.
need_info
(with hints, at its option).Per UMA telecon 2017-08-08, need_info
is correct and we need to explain this condition for the error.
If the client pushes invalid/expired claim_token, how should the AS respond -
need_info
? Should the spec define that behaviour?