[Openid-specs-risc] RISC events supported by Google

Marius Scurtescu mscurtescu at google.com
Tue Apr 11 17:49:39 UTC 2017

Right now Google supports the following events:
- sessions-revoked - it states the Google closed all existing sessions for
given subject
- tokens-revoked - it states that Google revoked all tokens for given user
and recipient (client), no individual token strings provided, applies only
to tokens explicitly revoked by the user

In the near future Google is planning to support:
- account-deleted - the account was deleted, an RP should find an
alternative way to authenticate the user, while they still have an active
session (if Google was only IdP and no other recovery email then account is
practically lost)
- account-locked - account locked because of possibility of hijacking
- account-recovered - user recovered previously locked account
- account-reverification-requested - account not locked, but all sessions
closed and user will be asked to change password on next login

Potentially in the mid future:
- account-identifier-changed - email address changes
- other token revocation events (revoked by client through API, revoked by
Google for various reasons)
- log out events


Which of these events do you think you would use and how?

What other events would you like to receive from Google (and RISC in

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20170411/c711984a/attachment.html>

More information about the Openid-specs-risc mailing list