<div><div dir="auto">Me again</div><div dir="auto"><br></div><div dir="auto">I think I took a wrong turn interpreting your email on my phone :-)</div></div><div dir="auto"><br></div><div dir="auto">If I understand you correctly you search more or less this one<br></div><div dir="auto">-> <div><a href="https://openid.net/specs/openid-connect-backchannel-1_0.html">https://openid.net/specs/openid-connect-backchannel-1_0.html</a></div></div><div dir="auto"><br></div><div><div dir="auto">Which basically defines a URL Endpoint within the RP where the OP can send a JWT. Is it in your use-case a problem for the OP to track the clients on which RP they did sign-in?</div><div dir="auto"><br></div><div dir="auto">Greets</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, 29 Apr 2020 at 17:17, Florian Forster <<a href="mailto:florian@caos.ch">florian@caos.ch</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr">Hi Aeneas</div><div dir="ltr"><br></div><div dir="ltr">Below some questions/answers. Maybe I did not fully get your idea :-) <br><div><br></div><div>...when the user changes his/her password.</div><div>> I think most times this happens, it is directly at the OP (or at least it's storage) so is this really a use-case for OP initiated Back-channel Logout? The OP can in this case decide by itself to cancel sessions and trigger RP's about this. Maybe you can elaborate in which setup you find this case.</div><div><br></div><div>...banned by an administrator which in turn should trigger OIDC Back-Channel Logout.</div><div>> Is the user banned from the RP or the OP? Because, if it is a Identity-Lifecycle thing, where the user is completely locked I find services like SCIM 2.0 the proper tool. After an account deactivation we could do the same as my answer above states.</div><div><br></div><div>Greetings Florian</div><div><div><div dir="ltr"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><span><br><div dir="ltr" style="margin-left:0pt"><table style="border:none;border-collapse:collapse"><colgroup><col width="198"><col width="402"></colgroup><tbody><tr style="height:103pt"><td style="vertical-align:top;padding:5pt"><p dir="ltr" style="line-height:1.2;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><img src="https://lh6.googleusercontent.com/jlaP8D2tHfXHmrx3_mmnA58N-I73hYMU3-salgha0iJ4iPs-QSWh2aD42e3Z1lRnLOwFKI8Gj40xuTty9BfRiePIaQyUQANEXAK5ITUIBrwH8V4DtOQ8EEDGFLqo6fe9hY1b-KJQ" width="167" height="83" style="border:none"></span></p></td><td style="vertical-align:top;padding:5pt"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14pt;font-family:Lato,sans-serif;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Florian Forster</span></p><p dir="ltr" style="line-height:1.8;margin-top:0pt;margin-bottom:0pt"><span style="font-size:10pt;font-family:Lato,sans-serif;color:rgb(153,153,153);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">H e a d o f C A O S</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:10pt;font-family:Lato,sans-serif;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Phone: +41 79 956 39 01</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:10pt;font-family:Lato,sans-serif;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Web: </span><span style="font-size:10pt;font-family:Lato,sans-serif;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><font color="#000000"> <a href="http://www.caos.ch" target="_blank">www.caos.ch</a></font></span></p></td></tr></tbody></table></div></span></div></div></div></div></div></div></div><br></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, 25 Apr 2020 at 13:25, Aeneas Rekkas <aeneas@ory.sh> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div style="word-wrap:break-word;line-break:after-white-space">Hi,<div><br></div><div>we ( <a href="https://github.com/ory/hydra" target="_blank">https://github.com/ory/hydra</a> ) are receiving use cases for an OP-Initiated that does not involve the user’s browser and cookies. A use case might be that we want to perform Back-Channel Logout when the user changes his/her password. Another example would be that a user is banned by an administrator which in turn should trigger OIDC Back-Channel Logout. Is there any guidance on how this should be designed/implemented? Maybe even with an API Spec?</div><div><br></div><div>Best</div><div>Aeneas</div></div>_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@lists.openid.net" target="_blank">general@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-general" rel="noreferrer" target="_blank">http://lists.openid.net/mailman/listinfo/openid-general</a><br>
</blockquote></div>
</blockquote></div></div>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><span><br><div dir="ltr" style="margin-left:0pt"><table style="border:none;border-collapse:collapse"><colgroup><col width="198"><col width="402"></colgroup><tbody><tr style="height:103pt"><td style="vertical-align:top;padding:5pt"><p dir="ltr" style="line-height:1.2;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><img src="https://lh6.googleusercontent.com/jlaP8D2tHfXHmrx3_mmnA58N-I73hYMU3-salgha0iJ4iPs-QSWh2aD42e3Z1lRnLOwFKI8Gj40xuTty9BfRiePIaQyUQANEXAK5ITUIBrwH8V4DtOQ8EEDGFLqo6fe9hY1b-KJQ" width="167" height="83" style="border:none"></span></p></td><td style="vertical-align:top;padding:5pt"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14pt;font-family:Lato,sans-serif;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Florian Forster</span></p><p dir="ltr" style="line-height:1.8;margin-top:0pt;margin-bottom:0pt"><span style="font-size:10pt;font-family:Lato,sans-serif;color:rgb(153,153,153);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">H e a d o f C A O S</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:10pt;font-family:Lato,sans-serif;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Phone: +41 79 956 39 01</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:10pt;font-family:Lato,sans-serif;color:rgb(0,0,0);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Web: </span><span style="font-size:10pt;font-family:Lato,sans-serif;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><font color="#000000"> <a href="http://www.caos.ch" target="_blank">www.caos.ch</a></font></span></p></td></tr></tbody></table></div></span></div></div></div></div></div></div>