You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jul 31, 2024. It is now read-only.
This is an interesting situation. You'd need this code to do some more things:
is the user logged in with any client ids?
if so, if it the user you have located, is it the same user as was previously logged in?
in a sense, I suspect our local login page has a similar issue.
So, the real philosophical question: if a user re-enters credentials (or re-authenticated with an external login, or any combination of both), is that a new sesison?
My thoughts.. If we have stored external sub+sid of the user on first authentication, and match it during check you mentioned above, with sub+sid arrived after re-authentication (with or without entering new credentials, as it is possible that external session is fresh and alive and we just extend it for new client) - then I assume it should be the same session.
If subs are the same, but sids are different - another session, but same user - depends on the requirements, and as for me, can be treated as the same IdS FedGw session, so just add new client to the list.
If subs are different, no matter what sids is - we have new user, and should create new session on IdS FedGw.
In ExternalController.Callback we lose info about already logged in clients and session_id, was it intentionally?
It happens because new instance of properties created every time and client_list and session_id not copied from current properties.
https://github.com/IdentityServer/IdentityServer4.Quickstart.UI.AspNetIdentity/blob/main/Quickstart/Account/ExternalController.cs#L111
The question is, was it done intentionally? Seems like copying client list will do no harm, but about session_id I not sure..
The text was updated successfully, but these errors were encountered: