I ran into a situation trying to configure an OpenID Connect IdP with an RP and got stuck.
When using the authorization code flow, the IdP doesn't include given_name or last_name claims in the ID token because it expects the RP to retrieve that from the userinfo endpoint.
The RP requires those claims in the ID token and assumes it is configurable in the IdP.
This is a prime example of an interoperability issue we can fix in IPSIE.
We should be explicit about the behavior of what claims appear in the ID token vs userinfo endpoint since IPSIE already requires the authorization code flow.
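An added example, not part of the original post: one way an RP can tolerate an IdP that returns profile claims only from the userinfo endpoint, falling back to userinfo while enforcing the OpenID Connect Core rule that the userinfo `sub` must exactly match the ID token `sub`. The function name, the `fetch_userinfo` callable, and the sample data are assumptions made for illustration; `family_name` is used as the standard OIDC claim for the surname.

```python
class ClaimResolutionError(Exception):
    """Raised when required profile claims are missing or cannot be trusted."""


def resolve_profile_claims(id_token_claims, fetch_userinfo, required):
    """Return the required claims, preferring the already-validated ID token.

    id_token_claims: claims of an ID token whose signature, iss, aud, exp and
                     nonce the RP has already validated (assumed, not done here).
    fetch_userinfo:  hypothetical zero-argument callable returning the userinfo
                     response as a dict; called only if a claim is missing.
    required:        claim names the RP needs.
    """
    subject = id_token_claims.get("sub")
    if not subject:
        raise ClaimResolutionError("ID token has no sub claim")

    resolved = {k: id_token_claims[k] for k in required if k in id_token_claims}
    missing = [k for k in required if k not in resolved]
    if not missing:
        return resolved  # IdP put everything in the ID token

    userinfo = fetch_userinfo()
    # Without this check, a userinfo response for a different subject could be
    # merged into this session. On mismatch its values must not be used.
    if userinfo.get("sub") != subject:
        raise ClaimResolutionError("userinfo sub does not match ID token sub")

    for name in missing:
        if name not in userinfo:
            raise ClaimResolutionError(f"claim {name!r} not in ID token or userinfo")
        resolved[name] = userinfo[name]
    return resolved


# Constructed sample data: an ID token without profile claims, as in the post.
SAMPLE_ID_TOKEN = {"iss": "https://idp.example", "sub": "user-123", "aud": "rp-client"}
SAMPLE_USERINFO = {"sub": "user-123", "given_name": "Ada", "family_name": "Example"}
REQUIRED = ("given_name", "family_name")

if __name__ == "__main__":
    print(resolve_profile_claims(SAMPLE_ID_TOKEN, lambda: SAMPLE_USERINFO, REQUIRED))
```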