You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The authentication response in the authorization code grant is controlled in the following section. If we incorporate the OIDC session management specifications, it will be necessary to include session_state in the authentication response. I want to enable handling of session_state.
To allow session_state to be passed in the authentication request, I will modify the codeResponse interface to accept session information as an argument.
Version
No response
Environment
Self-hosted
Additional Context
No response
The text was updated successfully, but these errors were encountered:
I understand the question as asking how session_state is initially stored and subsequently retrieved by the OpenID Provider.
Regarding storage, since session_state is a value associated with the session established between the OpenID Provider and the browser, I assume it would be created in the database or memory when the session is created. This likely depends on the specific implementation, so it may not necessarily be related to zitadel/oidc.
For retrieving session_state in AuthResponseCode, I believe it would be effective to create an interface within Storage or a similar structure specifically for obtaining session_state.
Yeah, that sounds reasonable. Just as long as you are aware you need to touch the Storage or AuthRequest interface or probably need an optional interface to prevent breaking changes.
Preflight Checklist
Describe your problem
The authentication response in the authorization code grant is controlled in the following section. If we incorporate the OIDC session management specifications, it will be necessary to include session_state in the authentication response. I want to enable handling of session_state.
https://github.com/zitadel/oidc/blob/main/pkg/op/auth_request.go#L482-L488
Describe your ideal solution
To allow session_state to be passed in the authentication request, I will modify the codeResponse interface to accept session information as an argument.
Version
No response
Environment
Self-hosted
Additional Context
No response
The text was updated successfully, but these errors were encountered: