[Openid-specs-ab] Issue #1353: Can RPs getting back to the right SIOP the second time? (openid/connect)

Kristina Yasuda issues-reply at bitbucket.org
Fri Nov 5 04:13:29 UTC 2021


New issue 1353: Can RPs getting back to the right SIOP the second time?
https://bitbucket.org/openid/connect/issues/1353/can-rps-getting-back-to-the-right-siop-the

Kristina Yasuda:

During the 2021-Nov-04 Connect call, the question was raised: how do RPs get back to the right SIOP after they have interacted with one or multiple SIOPs previously?

Given “login with SIOP” would be listed under “login with password”/“login with WebAuthn”, it was suggested that the RP could tie the username to the option “login with SIOP” and a particular SIOP provider’s `authorization_endpoint` (i.e. custom schema/universal links/app links), thereby being able to generate a request_uri targeting that user’s selected provider’s SIOP instance.

It was noted that universal links/app links are one per SIOP provider and not per SIOP instance, so 

This is related to Issue #1352, since if there is a way for the RP to reach a particular SIOP more than once, it can use an encrypted id_token_hint with that SIOP’s cached public key (`sub`).



