stormpath / stormpath-framework-tck

HTTP integration tests that ensure a Stormpath web framework integration implements the Stormpath Framework Specification


Rejecting request when submitting arbitrary data on Registration

DamirSvrtan opened this issue · comments

The specification states:

If the post contains a field that is disabled or not defined by the developer, the library MUST reject the request with an error. We do not allow arbitrary data to be posted to an account's custom data object.

However, the TCK always submits the fields for registration in the following format:

{
  "email"=>"fooemail-0daeb1a6-a4ef-4b35-8ab0-0188023449e1@stormpath.com",
  "password"=>"[FILTERED]",
  "givenName"=>"GivenName-0daeb1a6-a4ef-4b35-8ab0-0188023449e1",
  "surname"=>"Surname-0daeb1a6-a4ef-4b35-8ab0-0188023449e1",
  "user"=>{
    "email"=>"fooemail-0daeb1a6-a4ef-4b35-8ab0-0188023449e1@stormpath.com",
    "password"=>"[FILTERED]",
    "givenName"=>"GivenName-0daeb1a6-a4ef-4b35-8ab0-0188023449e1",
    "surname"=>"Surname-0daeb1a6-a4ef-4b35-8ab0-0188023449e1"
  }
}

The data is kind of duplicated: all the information is repeated twice, once in the root of the JSON hash and once namespaced under 'user'. The user hash seems arbitrary. I can easily filter that out, but just want to be clear on what the specification is.

Sorry, this seems Rails specific, closing the issue.
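
One way to enforce the specification's rule while tolerating the duplicated wrapper key described in this issue, as an added example that is not part of the original thread or of Stormpath's code. The enabled field list and the `user` wrapper key are assumptions taken from the sample request above, and `validate_registration` is a hypothetical helper name.

```ruby
require 'json'

# Assumption: the fields the developer enabled on the registration form.
ENABLED_FIELDS = %w[email password givenName surname].freeze
# Assumption: the key Rails' ParamsWrapper added, named as in the post above.
WRAPPER_KEY = 'user'

class UnknownFieldError < StandardError; end

# Returns the accepted root-level fields, or raises UnknownFieldError.
def validate_registration(params, enabled: ENABLED_FIELDS, wrapper_key: WRAPPER_KEY)
  fields = params.dup
  if fields.key?(wrapper_key)
    wrapped = fields.delete(wrapper_key)
    # Tolerate the wrapper only when it is a pure copy of root-level values;
    # anything new under it is arbitrary data and must be rejected.
    copy = wrapped.is_a?(Hash) &&
           wrapped.all? { |k, v| fields.key?(k) && fields[k] == v }
    raise UnknownFieldError, "unexpected data under '#{wrapper_key}'" unless copy
  end
  unknown = fields.keys - enabled
  raise UnknownFieldError, "undefined field(s): #{unknown.join(', ')}" unless unknown.empty?
  fields
end

# Constructed sample bodies (not captured traffic).
WRAPPED_BODY = JSON.parse(<<~JSON)
  {"email": "a@example.com", "password": "pw", "givenName": "G", "surname": "S",
   "user": {"email": "a@example.com", "givenName": "G", "surname": "S"}}
JSON
SMUGGLED_BODY = WRAPPED_BODY.merge('user' => { 'email' => 'a@example.com', 'isAdmin' => true })

if __FILE__ == $PROGRAM_NAME
  [WRAPPED_BODY, SMUGGLED_BODY, WRAPPED_BODY.merge('favoriteColor' => 'red')].each do |body|
    begin
      puts "accepted: #{validate_registration(body).keys.join(', ')}"
    rescue UnknownFieldError => e
      puts "rejected: #{e.message}"
    end
  end
end
```

In a Rails controller the wrapper can instead be turned off with `wrap_parameters false`, so that only the posted fields reach the check.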