Save id_token to session when they are sent as part of auth flows #108

Open
talmeme opened this issue Jul 31, 2024 · 1 comment
talmeme commented Jul 31, 2024

In some flows with "openid" profile-related scopes, the identity provider sends an id_token together with the access_token or authorization_code to the app. In these cases, save the id_token immediately in the session instead of having app code make additional round trips to the identity provider's token endpoint subsequently to ask for the id_token again.

See https://developers.google.com/identity/openid-connect/openid-connect and https://learn.microsoft.com/en-us/azure/active-directory-b2c/authorization-code-flow.
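An added example, not part of the issue or of the project's code: a Python sketch of the behaviour requested above, storing the id_token from the same token-endpoint response that carries the access_token after checking its basic claims. The function names, the dict-based session and the sample values are assumptions made for illustration.

```python
import base64
import json
import time


def _decode_segment(segment):
    """Decode one base64url JWT segment (JWTs strip the '=' padding)."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))


def save_tokens(session, token_response, *, issuer, client_id, nonce=None, now=None):
    """Store tokens from ONE token-endpoint response; return id_token claims or None.

    Scope: the response was fetched directly from the token endpoint over TLS.
    An id_token delivered through the browser redirect must also have its JWS
    signature verified against the provider's keys, which is not done here.
    nonce is the value sent in the authorization request, or None if none was sent.
    """
    id_token = token_response.get("id_token")
    claims = None
    if id_token is not None:
        parts = id_token.split(".")
        if len(parts) != 3:
            raise ValueError("id_token is not a three-part compact JWT")
        claims = _decode_segment(parts[1])
        aud = claims.get("aud")
        audiences = aud if isinstance(aud, list) else [aud]
        if claims.get("iss") != issuer:
            raise ValueError("id_token issuer mismatch")
        if client_id not in audiences:
            raise ValueError("id_token was not issued to this client")
        if claims.get("exp", 0) <= (time.time() if now is None else now):
            raise ValueError("id_token expired")
        if claims.get("nonce") != nonce:
            raise ValueError("id_token nonce mismatch")
    # Write to the session only after every check has passed.
    session["access_token"] = token_response["access_token"]
    if id_token is not None:
        session["id_token"] = id_token  # kept as received, no second round trip
    return claims


def sample_id_token(claims):
    """Constructed sample: a JWT-shaped string with a placeholder signature."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f'{enc({"alg": "RS256", "typ": "JWT"})}.{enc(claims)}.c2lnbmF0dXJl'
```
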

Member

0xTim commented Jul 31, 2024

Just an FYI, I'm going to be doing an Imperial code sprint next week to go through all the issues and PRs.
