[Openid-specs-ab] session management login

Filip Skokan panva.ip at gmail.com
Mon Aug 12 10:35:31 UTC 2019

Hi Hans,

I don’t think so, at least not directly, the messages and mechanism put forth by Session Management do not introduce anything to convey a successful authorization/authentication response. 

Closest I can imagine is the RP having access to a salted session_state that resulted from a failed prompt=none request earlier which it is able to use session management with and detect a change when the user now logs in for a said RP e.g. in another browser tab. 

Can you elaborate a bit (especially on the “and more”)


Odesláno z iPhonu

12. 8. 2019 v 12:30, Hans Zandbelt via Openid-specs-ab <openid-specs-ab at lists.openid.net>:

> Hi,
> A question about OIDC session management: until now I've been implementing this in my RP to cover logout. It seems that the spec also covers the possibility of automatically logging in users into RPs (and more).
> Is auto-login indeed envisioned and proper usage of OIDC's session management?
> Hans.
> -- 
> hans.zandbelt at zmartzone.eu
> ZmartZone IAM - www.zmartzone.eu
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20190812/3fd6dec5/attachment.html>

More information about the Openid-specs-ab mailing list