What is the sid claim in the logout token in OpenID Connect Back-Channel Logout?


I'm working on a project related to OpenID Connect Back-Channel Logout. I need to include the sid claim in the logout token, as mentioned in the specification.

sid - OPTIONAL. Session ID - String identifier for a Session. This represents a Session of a User Agent or device for a logged-in End-User at an RP. Different sid values are used to identify distinct sessions at an OP. The sid value need only be unique in the context of a particular issuer. Its contents are opaque to the RP. Its syntax is the same as an OAuth 2.0 Client Identifier.

From the explanation of sid, I have some confusion about whether it tells the session ID of the end-user at the RP or the session ID of the RP at the OP.

Thanks in advance.

sid = unique identifier of the session of an end user on a particular device/user agent, etc. Suppose you logged in on an Android phone in a game app, and the game app uses OpenID and authenticates with either Facebook or Google. The game app launches the user agent and connects to the OpenID provider. Here authentication happens, and the app gets an ID token (which contains the sid). The game app requests user claims from the OpenID provider and creates a session on the device, and sends the user information to create a session on the game app server (the RP here) as well.

Now suppose you logged in to an app on the same phone or a different phone, and did the same thing. You logged in to 2 different apps, each has its own session, so there are 2 sessions at the OP. How will the OP distinguish which session to kill? If there is no sid, it will kill the sessions, and if the sid is there, that session can be killed.

This is the simplest explanation I can give. How else would it be achieved?
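
The session selection described in the answer, sketched as an added example that is not part of the original post or of any OpenID library. It assumes the logout token's signature has already been verified, checks a subset of the logout-token claim rules, and uses a hypothetical in-memory session store keyed by the `iss`, `sub` and `sid` values the RP saved from the ID token at login.

```python
# Added example: RP-side handling of back-channel logout token claims.
# Assumes the JWT signature is already verified; the store layout is hypothetical.
EVENT = "http://schemas.openid.net/event/backchannel-logout"

# Constructed sample: local session key -> values saved from the ID token at login.
SAMPLE_SESSIONS = {
    "phone": {"iss": "https://op.example", "sub": "alice", "sid": "s-1"},
    "laptop": {"iss": "https://op.example", "sub": "alice", "sid": "s-2"},
}


def validate_logout_claims(claims, issuer, client_id):
    """Reject claim sets that cannot be a logout token for this RP."""
    if claims.get("iss") != issuer:
        raise ValueError("unexpected issuer")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token not addressed to this RP")
    if "iat" not in claims or "jti" not in claims:
        raise ValueError("iat and jti are required")
    events = claims.get("events")
    if not isinstance(events, dict) or EVENT not in events:
        raise ValueError("missing back-channel logout event")
    if "nonce" in claims:
        raise ValueError("nonce is prohibited in a logout token")
    if "sub" not in claims and "sid" not in claims:
        raise ValueError("need sub, sid, or both")


def sessions_to_end(claims, sessions):
    """Return the local session keys the token targets."""
    hit = []
    for key, s in sessions.items():
        if s["iss"] != claims["iss"]:
            continue  # a sid is only unique within one issuer
        if "sid" in claims:
            if s["sid"] == claims["sid"] and claims.get("sub", s["sub"]) == s["sub"]:
                hit.append(key)  # exactly the session the OP named
        elif s["sub"] == claims["sub"]:
            hit.append(key)  # no sid: every session of this user from this OP
    return sorted(hit)


def handle_logout(claims, sessions, issuer, client_id, seen_jti):
    validate_logout_claims(claims, issuer, client_id)
    if claims["jti"] in seen_jti:
        raise ValueError("replayed logout token")
    seen_jti.add(claims["jti"])
    ended = sessions_to_end(claims, sessions)
    for key in ended:
        del sessions[key]
    return ended
```
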

