feat(oxauth): add client_id parameter support to /end_session
Support: 11416
Motivation
The corner case is when the session is expired and the grant object is expired (or revoked) and the AS is not able to identify the client.
Obviously, if the AS can't identify the client (due to a missing session and id_token_hint), it falls back to global validation via clientWhiteList and allowPostLogoutRedirectWithoutValidation=true.
If we want to avoid the global clientWhiteList, the question is still the same: how should the AS figure out the client if the session and id_token_hint are not there?
One possible solution is to pass client_id explicitly, so the AS will do the following:
1. get client from session
2. if no session -> get client from id_token_hint
3. if grant object for id_token_hint is not there -> take client by client_id.
The client_id parameter is just an idea; it's not supported, however it can be implemented.
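
The lookup order proposed above, as an added sketch that is not part of the original issue and is not oxAuth code. The in-memory stores, the function names and the sample URIs are hypothetical; it also assumes the redirect is checked against the resolved client's registered post-logout URIs, with no global whitelist fallback.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Client:
    client_id: str
    post_logout_redirect_uris: frozenset


# Constructed sample data (hypothetical stores, not oxAuth structures).
CLIENTS = {
    "rp-a": Client("rp-a", frozenset({"https://rp-a.example/logged-out"})),
    "rp-b": Client("rp-b", frozenset({"https://rp-b.example/bye"})),
}
SESSIONS = {"sess-1": "rp-a"}   # live session id -> client_id
GRANTS = {"idtoken-1": "rp-b"}  # id_token_hint with a live grant -> client_id


def resolve_client(session_id=None, id_token_hint=None, client_id=None):
    """Return (client, source) using the order from the issue."""
    # 1. A live session identifies the client.
    if session_id in SESSIONS:
        return CLIENTS[SESSIONS[session_id]], "session"
    # 2. No session: use the grant behind id_token_hint, if it still exists.
    if id_token_hint in GRANTS:
        return CLIENTS[GRANTS[id_token_hint]], "id_token_hint"
    # 3. Grant expired or revoked: fall back to the explicit client_id.
    #    The value is caller-supplied, so it only selects which registered
    #    URIs to validate against; it never overrides steps 1 and 2.
    if client_id in CLIENTS:
        return CLIENTS[client_id], "client_id"
    return None, None


def allowed_redirect(post_logout_redirect_uri, **hints):
    """Return the URI only if it is registered for the resolved client."""
    client, _source = resolve_client(**hints)
    if client is None:
        return None  # client unknown: no redirect instead of a global whitelist
    if post_logout_redirect_uri in client.post_logout_redirect_uris:
        return post_logout_redirect_uri
    return None
```
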