OIDC - maybe allow id token for authentication #3590
Comments
The one issue is the expire time is usually longer on the ID token than the access token. Access tokens usually have a short lifespan so that applications have to check in with IDP to make sure session is still valid. If the ID token had a longer time to live set then application may incorrectly assume user is still logged in. I do think we need to take your recent changes with putting ID token in the cookie and utilize that to build the principal since it usually has more attributes about the user than the access token.
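The trade-off raised in the comment above, as an added example (not code from this project or from any commenter): user attributes are taken from the ID token, while the session lifetime is capped by the shorter-lived access token. It assumes both tokens are JWTs carrying `exp` and that their signatures were already verified upstream; the function names and sample tokens are constructed for illustration.

```python
import base64
import json
import time


def _b64url(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample_jwt(claims):
    """Constructed sample token; the third part is a placeholder, not a signature."""
    return ".".join([_b64url({"alg": "RS256", "typ": "JWT"}), _b64url(claims), "sig"])


def claims_of(jwt):
    """Decode the payload. Assumption: signature, iss and aud were checked upstream."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def build_principal(id_token, access_token, now=None):
    """Build the principal from ID token claims, valid only while BOTH tokens are."""
    now = int(time.time()) if now is None else now
    idc, atc = claims_of(id_token), claims_of(access_token)
    # If the access token names a subject, it must be the same user.
    if atc.get("sub") not in (None, idc["sub"]):
        return None
    # The ID token usually outlives the access token; never trust the longer one.
    valid_until = min(idc["exp"], atc["exp"])
    if now >= valid_until:
        return None  # caller must refresh or re-authenticate with the IdP
    return {
        "sub": idc["sub"],
        "name": idc.get("name"),
        "email": idc.get("email"),
        "valid_until": valid_until,
    }


# Constructed sample data: ID token lives 1 hour, access token 5 minutes.
NOW = 1_700_000_000
ID_TOKEN = make_sample_jwt({"sub": "u-123", "name": "Alice Example",
                            "email": "alice@example.com", "exp": NOW + 3600})
ACCESS_TOKEN = make_sample_jwt({"sub": "u-123", "scope": "openid", "exp": NOW + 300})
```

When the access token is opaque rather than a JWT, the same cap can be taken from the `expires_in` value of the token response.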
See pull request #3637. Tried to build off of the updates from @tomas-langer and add the following functionality to OIDC:
@tomas-langer Could you please review these OIDC changes so we can look at getting them merged? Let me know if you see anything you want changed or added and I can get it done. Thanks!
Similar to what was proposed in #3457
This requires some analysis whether such usage is the right way to go.