Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
oauth2: Adds ability to detect previous consent #720
This commit aims at improving OpenID Connect conformity whilst making it
For that reason, ORY Hydra is now capable of remembering user sessions
Additionally, public OAuth 2.0 clients always require the full consent
referenced this pull request
Jan 8, 2018
There are multiple things which need to be addressed:
Let's take a closer look at the options.
Destroying previous consent session
I think this one's pretty easy. We could add something like
This could probably also revoke the access & refresh tokens that were issued with that request.
This would only destroy the user cookie but not revoke any tokens. Maybe along the lines of