[Openid-specs-ab] session management login
Filip Skokan
panva.ip at gmail.com
Mon Aug 12 10:35:31 UTC 2019
Hi Hans,
I don’t think so, at least not directly, the messages and mechanism put forth by Session Management do not introduce anything to convey a successful authorization/authentication response.
Closest I can imagine is the RP having access to a salted session_state that resulted from a failed prompt=none request earlier which it is able to use session management with and detect a change when the user now logs in for a said RP e.g. in another browser tab.
Can you elaborate a bit (especially on the “and more”)
Filip
Odesláno z iPhonu
12. 8. 2019 v 12:30, Hans Zandbelt via Openid-specs-ab <openid-specs-ab at lists.openid.net>:
> Hi,
>
> A question about OIDC session management: until now I've been implementing this in my RP to cover logout. It seems that the spec also covers the possibility of automatically logging in users into RPs (and more).
>
> Is auto-login indeed envisioned and proper usage of OIDC's session management?
>
> Hans.
>
> --
> hans.zandbelt at zmartzone.eu
> ZmartZone IAM - www.zmartzone.eu
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20190812/3fd6dec5/attachment.html>
More information about the Openid-specs-ab
mailing list