[OpenID] [OpenID Connect] Where to send session_state param at authorization code flow
Malithi Edirisinghe
malithim at wso2.com
Mon Mar 21 04:56:17 UTC 2016
Hi All,
I would like to clarify on, with which response 'session_state' parameter
should be sent when supporting OpenID Connect session management in
authorization code flow.
As per the specification, session_state parameter should be returned with
the authentication response.
By referring the OpenID Connect Session Management specification and OpenID
Connect Core specification, what I understood was that the session_state
parameter should be sent along with the authorization code, in the
authorization code flow.
But, when it comes to Open ID Connect, seems there are also assumptions,
that authentication response is where the access token and ID token are
returned.
So, kindly would like to know whether it should be returned with the
authorization code or in the json response where ID token and access token
is returned.
Thanks,
Malithi
--
*Malithi Edirisinghe*
Senior Software Engineer
WSO2 Inc.
Mobile : +94 (0) 718176807
malithim at wso2.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20160321/6ffad481/attachment.html>
More information about the general
mailing list