[Openid-specs-ab] Session management: clarification of client authentication status

Vladimir Dzhuvinov vladimir at connect2id.com
Sun May 28 15:33:27 UTC 2017


Greetings,

http://openid.net/specs/openid-connect-session-1_0.html#OPiframe

> In the case of an authorized Client (successful Authentication
> Response), the OP SHOULD change the value of the session state
> returned to the Client under one of the following events:
>
>   * The set of users authenticated to the browser changes (login,
>     logout, session add).
>   * The authentication status of Clients being used by the End-User
>     changes.
>
What does the second bullet point - "client authentication status" -
actually mean? A client (RP) with which the end-user has a session
failing to authenticate at the token endpoint?

Thanks,

Vladimir

-- 
Vladimir Dzhuvinov

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20170528/bf640324/attachment.html>


More information about the Openid-specs-ab mailing list