[Openid-specs-ab] session management login

Hans Zandbelt hans.zandbelt at zmartzone.eu
Mon Aug 12 16:10:15 UTC 2019


 my use case is: when the OP session state changes to "logged in", the RP
could refresh/redirect with "prompt=none" to create a new RP session
I guess it is not prohibited by anything in the spec but I guess I've never
looked at session management for this use case

Hans.


On Mon, Aug 12, 2019 at 12:35 PM Filip Skokan <panva.ip at gmail.com> wrote:

> Hi Hans,
>
> I don’t think so, at least not directly, the messages and mechanism put
> forth by Session Management do not introduce anything to convey a
> successful authorization/authentication response.
>
> Closest I can imagine is the RP having access to a salted session_state
> that resulted from a failed prompt=none request earlier which it is able to
> use session management with and detect a change when the user now logs in
> for a said RP e.g. in another browser tab.
>
> Can you elaborate a bit (especially on the “and more”)
>
> Filip
>
> Odesláno z iPhonu
>
> 12. 8. 2019 v 12:30, Hans Zandbelt via Openid-specs-ab <
> openid-specs-ab at lists.openid.net>:
>
> Hi,
>
> A question about OIDC session management: until now I've been implementing
> this in my RP to cover logout. It seems that the spec also covers the
> possibility of automatically logging in users into RPs (and more).
>
> Is auto-login indeed envisioned and proper usage of OIDC's session
> management?
>
> Hans.
>
> --
> hans.zandbelt at zmartzone.eu
> ZmartZone IAM - www.zmartzone.eu
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>

-- 
hans.zandbelt at zmartzone.eu
ZmartZone IAM - www.zmartzone.eu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20190812/ae24e810/attachment.html>


More information about the Openid-specs-ab mailing list