[Openid-specs-risc] RISC events supported by Google

Mike Jones Michael.Jones at microsoft.com
Tue Apr 11 18:02:11 UTC 2017


This is useful, Marius.  What are the arguments for each of these events?

From: Openid-specs-risc [mailto:openid-specs-risc-bounces at lists.openid.net] On Behalf Of Marius Scurtescu
Sent: Tuesday, April 11, 2017 10:50 AM
To: openid-specs-risc at lists.openid.net
Subject: [Openid-specs-risc] RISC events supported by Google

Right now Google supports the following events:
- sessions-revoked - it states the Google closed all existing sessions for given subject
- tokens-revoked - it states that Google revoked all tokens for given user and recipient (client), no individual token strings provided, applies only to tokens explicitly revoked by the user

In the near future Google is planning to support:
- account-deleted - the account was deleted, an RP should find an alternative way to authenticate the user, while they still have an active session (if Google was only IdP and no other recovery email then account is practically lost)
- account-locked - account locked because of possibility of hijacking
- account-recovered - user recovered previously locked account
- account-reverification-requested - account not locked, but all sessions closed and user will be asked to change password on next login

Potentially in the mid future:
- account-identifier-changed - email address changes
- other token revocation events (revoked by client through API, revoked by Google for various reasons)
- log out events

Thoughts?

Which of these events do you think you would use and how?

What other events would you like to receive from Google (and RISC in general)?

Thanks,
Marius
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20170411/1398fedb/attachment.html>


More information about the Openid-specs-risc mailing list