[Openid-specs-ab] Issue #1378: [OIDC4CI] use-case when the user is already logged in before starting the issuance (openid/connect)
Kristina Yasuda
issues-reply at bitbucket.org
Thu Dec 16 04:53:36 UTC 2021
New issue 1378: [OIDC4CI] use-case when the user is already logged in before starting the issuance
https://bitbucket.org/openid/connect/issues/1378/oidc4ci-use-case-when-the-user-is-already
Kristina Yasuda:
In the current draft, authentication of the user happens after the Issuer receives the authentication request. However, there are use-cases where the user is already signed in prior to sending the authentication request.
In those cases, the most straightforward option would be for the RP to send id_token_hint/login_hint in the authentication request. However, when the RP is SIOP, in most cases, SIOP would not have an ID Token, so there would be a need for the Issuer to pass the id_token_hint/login_hint to the RP beforehand. This is aligned with [section 4 of OIDC.Core](https://openid.net/specs/openid-connect-core-1_0.html#ThirdPartyInitiatedLogin) Initiating Login from the third party.
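An added example, not part of the original issue or of the draft: a sketch of how an RP's login initiation endpoint (OIDC Core section 4) could accept `iss`, `login_hint` and `target_link_uri` from the Issuer and turn them into an authentication request, with the checks that keep the endpoint from becoming an open redirector or a login CSRF vector. The host names, client values, `response_type=code` and the function name `handle_initiate_login` are assumptions made for illustration.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed RP configuration (constructed values, not taken from the draft).
KNOWN_ISSUERS = {
    "https://issuer.example.com": "https://issuer.example.com/authorize",
}
CLIENT_ID = "wallet-client"
REDIRECT_URI = "https://wallet.example.org/cb"
RP_ORIGIN = ("https", "wallet.example.org")


def handle_initiate_login(query: str):
    """Handle a request to the RP's login initiation endpoint and return
    (authentication_request_url, session_data_to_store)."""
    params = {k: v[0] for k, v in parse_qs(query).items()}

    # iss is REQUIRED; only start a flow with an Issuer the RP already knows.
    iss = params.get("iss", "")
    authz_endpoint = KNOWN_ISSUERS.get(iss)
    if authz_endpoint is None:
        raise ValueError("unknown or missing iss")

    # target_link_uri must stay on the RP, or this endpoint is an open redirector.
    target = params.get("target_link_uri")
    if target is not None:
        parts = urlsplit(target)
        if (parts.scheme, parts.netloc) != RP_ORIGIN:
            raise ValueError("target_link_uri is not on this RP")

    # state and nonce are generated by the RP, never taken from the request.
    session = {"iss": iss, "target": target,
               "state": secrets.token_urlsafe(16),
               "nonce": secrets.token_urlsafe(16)}
    request = {
        "response_type": "code",  # assumption: authorization code flow
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "state": session["state"],
        "nonce": session["nonce"],
    }
    # login_hint is only a hint: forward it unchanged, never treat it as
    # proof of who the user is. The Issuer still decides on authentication.
    if "login_hint" in params:
        request["login_hint"] = params["login_hint"]
    return authz_endpoint + "?" + urlencode(request), session
```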