[Openid-specs-ab] Introspection Profile for OpenID Connect
mike at gluu.org
mike at gluu.org
Fri Sep 13 16:00:32 UTC 2013
Here is another clarification...
Lets say I have two apps:
1. app1 - requires acr = http://gluu.org/authn/auth_level/1
2. app2 - requires acr = http://gluu.org/authn/auth_level/2
I want SSO between two apps:
1) A Person tries to login to app1 (auth_level=1) => got token1
2) Then the Person tries to login to app2 with token1 . So app2 needs
to introspect token1 to get auth_level to make sure it's 2 or higher.
Is this just out of scope of OpenID Connect ? I thought the use of acr
was in Connect?
thx,
Mike
More information about the Openid-specs-ab
mailing list