[OpenID] [OpenID Connect] Where to send session_state param at authorization code flow
Malithi Edirisinghe
malithim at wso2.com
Wed Mar 23 04:59:48 UTC 2016
Hi All,
Kindly expecting some clarification on the above.
Thanks,
Malithi.
On Mon, Mar 21, 2016 at 10:26 AM, Malithi Edirisinghe <malithim at wso2.com>
wrote:
> Hi All,
>
> I would like to clarify with which response the 'session_state' parameter
> should be sent when supporting OpenID Connect session management in the
> authorization code flow.
>
> As per the specification, the session_state parameter should be returned with
> the authentication response.
> By referring to the OpenID Connect Session Management specification and the
> OpenID Connect Core specification, what I understood was that the
> session_state parameter should be sent along with the authorization code
> in the authorization code flow.
> But when it comes to OpenID Connect, it seems there are also assumptions
> that the authentication response is where the access token and ID token are
> returned.
> So, I would kindly like to know whether it should be returned with the
> authorization code or in the JSON response where the ID token and access token
> are returned.
>
> Thanks,
> Malithi
>
> --
>
> *Malithi Edirisinghe*
> Senior Software Engineer
> WSO2 Inc.
>
> Mobile : +94 (0) 718176807
> malithim at wso2.com
>
--
*Malithi Edirisinghe*
Senior Software Engineer
WSO2 Inc.
Mobile : +94 (0) 718176807
malithim at wso2.com
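
The reading described in the message above (session_state returned in the redirect that carries the authorization code), sketched as an added example that is not part of the original post or of any product's code. The function names and sample values are hypothetical, and the session_state value uses the salted hash of client ID, RP origin and OP browser state described in the Session Management specification.

```python
import hashlib
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

def compute_session_state(client_id, rp_origin, op_browser_state, salt):
    """OP side: salted hash of client ID, RP origin and OP browser state."""
    digest = hashlib.sha256(
        f"{client_id} {rp_origin} {op_browser_state} {salt}".encode()
    ).hexdigest()
    return f"{digest}.{salt}"

def authentication_response(redirect_uri, code, state, session_state):
    """OP side: code-flow redirect carrying session_state next to the code."""
    query = urlencode({"code": code, "state": state, "session_state": session_state})
    return f"{redirect_uri}?{query}"

def rp_handle_response(url, expected_state):
    """RP side: validate state, then keep session_state for the OP iframe."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if not secrets.compare_digest(params.get("state", ""), expected_state):
        raise ValueError("state mismatch")
    return params["code"], params["session_state"]

def op_iframe_check(message, origin, op_browser_state):
    """OP iframe: answer an RP postMessage of 'client_id session_state'."""
    try:
        client_id, session_state = message.split(" ")
        _, salt = session_state.rsplit(".", 1)
    except ValueError:
        return "error"
    expected = compute_session_state(client_id, origin, op_browser_state, salt)
    return "unchanged" if secrets.compare_digest(expected, session_state) else "changed"

# Constructed sample values, not taken from the mailing-list post.
CLIENT_ID = "example-client"
RP_ORIGIN = "https://rp.example"
OPBS = "opbs-cookie-value-1"  # OP browser state cookie (assumed name)

def demo():
    ss = compute_session_state(CLIENT_ID, RP_ORIGIN, OPBS, secrets.token_hex(8))
    url = authentication_response(RP_ORIGIN + "/cb", "code-123", "xyz", ss)
    code, stored = rp_handle_response(url, "xyz")
    msg = f"{CLIENT_ID} {stored}"
    return (code, op_iframe_check(msg, RP_ORIGIN, OPBS),
            op_iframe_check(msg, RP_ORIGIN, "opbs-after-logout"))

if __name__ == "__main__":
    print(demo())
```

The value binds to the browser's OP session rather than to the tokens, so the RP can poll the OP iframe with it without a back-channel call.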