[Openid-specs-ab] Session management: clarification of client authentication status
vladimir at connect2id.com
Sun May 28 15:33:27 UTC 2017
> In the case of an authorized Client (successful Authentication
> Response), the OP SHOULD change the value of the session state
> returned to the Client under one of the following events:
> * The set of users authenticated to the browser changes (login,
> logout, session add).
> * The authentication status of Clients being used by the End-User
What does the second bullet point - "client authentication status" -
actually mean? A client (RP) with which the end-user has a session
failing to authenticate at the token endpoint?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-ab