[Openid-specs-ab] Session management: clarification of client authentication status

Thomas Broyer t.broyer at gmail.com
Sun May 28 17:47:49 UTC 2017


I suppose for example the set of authorized scopes changing (most likely
scopes having been revoked), or the authentication switching from "remember
me cookie" to "reauthenticated", or "authenticated with password" to
"authenticated with client certificate"; or things like that.

On Sun, 28 May 2017 at 17:41, Vladimir Dzhuvinov via Openid-specs-ab <
openid-specs-ab at lists.openid.net> wrote:

> Greetings,
>
> http://openid.net/specs/openid-connect-session-1_0.html#OPiframe
>
> In the case of an authorized Client (successful Authentication Response),
> the OP SHOULD change the value of the session state returned to the Client
> under one of the following events:
>
>    - The set of users authenticated to the browser changes (login,
>    logout, session add).
>    - The authentication status of Clients being used by the End-User
>    changes.
>
> What does the second bullet point - "client authentication status" -
> actually mean? A client (RP) with which the end-user has a session failing
> to authenticate at the token endpoint?
>
> Thanks,
>
> Vladimir
>
> --
> Vladimir Dzhuvinov
>
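An added example, not part of the thread or of any OP implementation: a sketch of how an OP could fold the per-client context suggested in the reply (authorized scopes, authentication method) into the browser state behind `session_state`, so that the OP iframe check reports "changed" when either one changes. The `browser_state` helper, its `sid`/`scopes`/`amr` inputs and the sample client are assumptions; the hash layout follows the example in the Session Management spec linked above.

```python
import hashlib
import json
import secrets


def browser_state(sid, scopes, amr):
    """Hypothetical per-client OP browser state: the login session id plus the
    authorization/authentication context mentioned in the reply."""
    ctx = {"sid": sid, "scopes": sorted(scopes), "amr": sorted(amr)}
    return hashlib.sha256(json.dumps(ctx, sort_keys=True).encode()).hexdigest()


def session_state(client_id, origin, opbs, salt=None):
    """session_state = SHA256(client_id ' ' origin ' ' opbs ' ' salt) '.' salt"""
    salt = salt or secrets.token_urlsafe(16)
    data = f"{client_id} {origin} {opbs} {salt}".encode()
    return f"{hashlib.sha256(data).hexdigest()}.{salt}"


def op_iframe_check(message, sender_origin, opbs):
    """Mirror of the OP iframe logic: the RP posts 'client_id session_state',
    the OP recomputes the value from its current browser state."""
    try:
        client_id, state = message.split(" ")
        _, salt = state.split(".")
    except ValueError:
        return "error"  # malformed message
    expected = session_state(client_id, sender_origin, opbs, salt)
    return "unchanged" if secrets.compare_digest(state, expected) else "changed"


def demo():
    # Constructed sample values, for illustration only.
    cid, origin = "rp-client", "https://rp.example"
    before = browser_state("sess-1", {"openid", "profile", "email"}, {"pwd"})
    msg = f"{cid} {session_state(cid, origin, before)}"
    # Scope revoked at the OP after the authentication response.
    revoked = browser_state("sess-1", {"openid", "profile"}, {"pwd"})
    # End-user re-authenticated with an additional method.
    stepped = browser_state("sess-1", {"openid", "profile", "email"}, {"pwd", "mfa"})
    return [op_iframe_check(msg, origin, s) for s in (before, revoked, stepped)]


if __name__ == "__main__":
    print(demo())
```
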