I would like to propose using the OIDC/OAuth 2.0 flow for the session flow / integration with applications instead of the current JWT-based flow - or as a basis for the development of a new session flow as announced in this comment. In contrast to #782 this is not about adding general OIDC/OAuth 2.0 capabilities to log in users - but about using OIDC/OAuth 2.0 as the underlying protocol flow for applications to authenticate users through Hanko. For those familiar with OIDC/OAuth 2.0 - essentially making Hanko an OpenID Provider under the OIDC spec.
Zitadel uses this process and it makes for very simple integration with applications, as most languages/frameworks support OIDC/OAuth 2.0 out of the box. An explanation of the process and how Zitadel handles this can be found here.
I would expect that any custom session management / application integration process will eventually become very similar to OIDC/OAuth 2.0 anyway - and as already discussed in #246, the current usage of a JWT for session management is at least debatable - if not discouraged.
To make implementation easy, Zitadel has open-sourced its OIDC/OAuth 2.0 server implementation (GoLang). An example of how to use the library can be found here.
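As an added example (not code from the Hanko project, from Zitadel, or from the zitadel/oidc library the post links to), the following Go program shows what the application side of the proposed flow looks like once Hanko acts as an OpenID Provider: the authorization code flow with PKCE, which is the piece that "most languages/frameworks support out of the box". The issuer URL `https://hanko.example`, the `client_id`, the redirect URI, the callback URL and the ID token claims are constructed placeholders; the back-channel token request (code plus PKCE verifier) and JWT signature verification against the provider's JWKS are assumed to happen between the two halves and are not shown.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
	"time"
)

// Constructed placeholders for this example; Hanko exposes no such endpoints today.
const (
	issuer      = "https://hanko.example"
	clientID    = "demo-app"
	redirectURI = "https://app.example/callback"
)

// randomURLSafe returns n random bytes as unpadded base64url (verifier, state, nonce).
func randomURLSafe(n int) (string, error) {
	raw := make([]byte, n)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(raw), nil
}

// S256Challenge derives code_challenge = BASE64URL(SHA256(code_verifier)) per RFC 7636.
func S256Challenge(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// AuthorizationURL builds the front-channel redirect: state binds the callback to this
// browser session, nonce binds the ID token to this login, only the challenge leaves the app.
func AuthorizationURL(state, nonce, challenge string) string {
	q := url.Values{}
	q.Set("response_type", "code")
	q.Set("client_id", clientID)
	q.Set("redirect_uri", redirectURI)
	q.Set("scope", "openid profile email")
	q.Set("state", state)
	q.Set("nonce", nonce)
	q.Set("code_challenge", challenge)
	q.Set("code_challenge_method", "S256")
	return issuer + "/oauth2/authorize?" + q.Encode()
}

// ParseCallback returns the authorization code from the provider's redirect, rejecting
// it unless state equals the value stored for this session (CSRF / login-fixation check).
func ParseCallback(rawURL, expectedState string) (string, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return "", err
	}
	q := u.Query()
	if q.Get("code") == "" || subtle.ConstantTimeCompare([]byte(q.Get("state")), []byte(expectedState)) != 1 {
		return "", errors.New("missing code or state mismatch")
	}
	return q.Get("code"), nil
}

// IDTokenClaims are the claims checked on the ID token returned by the token endpoint;
// signature verification against the provider's JWKS is assumed to have happened already.
type IDTokenClaims struct {
	Issuer, Subject, Nonce string
	Audience               []string
	Expiry                 time.Time
}

// ValidateIDToken applies the ID token checks of OpenID Connect Core section 3.1.3.7.
func ValidateIDToken(c IDTokenClaims, expectedNonce string, now time.Time) error {
	audOK := false
	for _, a := range c.Audience {
		audOK = audOK || a == clientID
	}
	switch {
	case c.Issuer != issuer:
		return errors.New("iss does not match the configured provider")
	case !audOK:
		return errors.New("aud does not contain this client_id")
	case !now.Before(c.Expiry):
		return errors.New("ID token expired")
	case c.Nonce != expectedNonce:
		return errors.New("nonce mismatch: token not issued for this login")
	case c.Subject == "":
		return errors.New("sub missing")
	}
	return nil
}

func main() {
	verifier, _ := randomURLSafe(32)
	state, _ := randomURLSafe(16)
	nonce, _ := randomURLSafe(16)
	fmt.Println("redirect to:", AuthorizationURL(state, nonce, S256Challenge(verifier)))
	// Constructed callback, then constructed claims standing in for the decoded ID token;
	// the token-endpoint POST of code + verifier sits between the two and is omitted.
	code, err := ParseCallback(redirectURI+"?code=SplxlOBeZQQYbYS6WxSbIA&state="+state, state)
	claims := IDTokenClaims{Issuer: issuer, Subject: "user-123", Nonce: nonce,
		Audience: []string{clientID}, Expiry: time.Now().Add(5 * time.Minute)}
	fmt.Println("code:", code, "callback err:", err, "id_token err:", ValidateIDToken(claims, nonce, time.Now()))
}
```

The state and nonce checks are what an application gains for free from a standard OIDC flow compared with accepting a bare JWT: the callback is tied to the browser session that started the login, and the ID token is tied to that specific login rather than being replayable across logins or clients.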