Binary file added docs/images/sso/LoginFlow.png
17 changes: 15 additions & 2 deletions docs/sso/index.md
Expand Up @@ -20,7 +20,7 @@ netID uses [Pairwise Subject Identifiers](https://openid.net/specs/openid-connec

Each time a partner initiates a login flow by calling the authorization endpoint he can define which master data the user should authorize to be transferred. For that purpose, the OpenID Connect/OAuth2 standard defines *scope* and *claim* mechanisms.

Every OpenID Connect request must always request the *openid* scope. Moreover, the master data required/asked for by the partner can be expressed in the form of essential claims with netID.
Every OpenID Connect request must always request the *openid* scope. Moreover, the master data required/asked for by the partner can be expressed in the form of essential claims with netID.

In addition to Single Sign-on netID allows users to manage their overall privacy settings in terms of commercial data use, which are managed via the [netID Permission Center](../cmp/#netid-permission-center) backend. The netID Broker may be used by eligible netID Partners to acquire an access token that allows access to the Permission Center on behalf of a user, details on this integration can be found [here](/cmp/).

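Review bot: the only changed line in this hunk (the sentence beginning "Every OpenID Connect request must always request the *openid* scope") is identical in the removed and added versions as rendered, so this looks like a whitespace-only change (trailing whitespace or a line-ending change). If a wording fix was intended here, it is missing; if not, the change could be dropped from the PR so the diff stays focused on the new error-response section.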
Expand Down Expand Up @@ -280,7 +280,20 @@ The sequence of the calls is summarized as follows:
## Error Messages

If the authorize request fails, the respective error is provided with the callback to the redirect_uri.
For details please refer to the [OIDC specification](https://openid.net/specs/openid-connect-core-1_0.html).
For an overview of the error responses, please check the [OIDC specification](https://openid.net/specs/openid-connect-core-1_0.html#AuthError).

### netID UI specific error responses

Aborts triggered by the user in the UI flow are also transmitted to the relying rarty with a corresponding error response.

![High Level Authentication Code Flow](../images/sso/LoginFlow.png)

|Use Case | Action | error | error_description |
|---|---|---|---|
| 1) Enter email address | cancelled by the user | account_selection_required | - |
| 2) Enter password for an existing netID account | cancelled by the user | login_required | Login+aborted+by+user |
| 3) Register a new netID account | cancelled by the user | login_required | Registration+aborted+by+user |
| 4) Give consent for the transmission of master data to the relying party | cancelled by the user | consent_required | Approval+aborted+by+user |

## netID Button

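Review bot: typo in the new sentence under "### netID UI specific error responses": "relying rarty" should read "relying party". Two further points on the new table: the error_description values (Login+aborted+by+user, Registration+aborted+by+user, Approval+aborted+by+user) are shown in their URL-encoded form with "+" for spaces, so the text should say explicitly that these are the encoded values as they appear in the callback to the redirect_uri (decoded: "Login aborted by user" etc.), and use case 1 carries no error_description at all ("-"), so it is worth stating that integrators must not assume the parameter is always present and should branch on the error value alone. Finally, the three error codes used here (account_selection_required, login_required, consent_required) are the standard OIDC authentication error codes; a sentence saying so, next to the existing link to the OIDC specification's AuthError section, would tell readers that no netID-specific handling beyond the standard error path is needed.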