search

oidc-sweden / specifications

Specifications for the Swedish OpenID Connect profile
13 stars 0 forks source link

Consider changing definition of userMessage request parameter #73

Closed martin-lindstrom closed 1 year ago

martin-lindstrom commented 1 year ago

The userMessage request parameter defined in Authentication Request Parameter Extensions for the Swedish OpenID Connect Profile is currently defined as:

...
"https://id.oidc.se/param/userMessage" : {  
  "message" : { 
    "sv" : "<Base64-encoded message in Swedish>",
    "en" : "<Base64-encoded message in English>"
  },
  "mime_type" : "text/plain"
},
...

Section 5.2 of OIDC Core states that claims for human consumption that need several language representations should be defined as "claim-name#lang-tag".

Given this we should consider the same for the userMessage claim.

martin-lindstrom commented 1 year ago 
...
"https://id.oidc.se/param/userMessage" : {  
  "message#sv" : "<Base64-encoded message in Swedish>",
  "message#en" : "<Base64-encoded message in English>",
  "mime_type" : "text/plain"
},
...

or

...
"https://id.oidc.se/param/userMessage#sv" : "<Base64-encoded message in Swedish>",
"https://id.oidc.se/param/userMessage#en" : "<Base64-encoded message in English>",
"https://id.oidc.se/param/userMessageMimeType" : "text/plain",
...