[Openid-specs-ab] Session management: clarification of client authentication status
Vladimir Dzhuvinov
vladimir at connect2id.com
Sun May 28 15:33:27 UTC 2017
Greetings,
http://openid.net/specs/openid-connect-session-1_0.html#OPiframe
> In the case of an authorized Client (successful Authentication
> Response), the OP SHOULD change the value of the session state
> returned to the Client under one of the following events:
>
> * The set of users authenticated to the browser changes (login,
> logout, session add).
> * The authentication status of Clients being used by the End-User
> changes.
>
What does the second bullet point - "client authentication status" -
actually mean? A client (RP) with which the end-user has a session
failing to authenticate at the token endpoint?
Thanks,
Vladimir
--
Vladimir Dzhuvinov
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20170528/bf640324/attachment.html>
More information about the Openid-specs-ab
mailing list