Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Sign In] Simple redirect sign in with 1 RP using OIDC implicit+form post #19

Open
timcappalli opened this issue Sep 27, 2021 · 1 comment
Open

[Sign In] Simple redirect sign in with 1 RP using OIDC implicit+form post #19

timcappalli opened this issue Sep 27, 2021 · 1 comment

Comments

@timcappalli
Copy link
Member

Web application RP1 offers sign in/sign up functionality for users of identity provider IDP1, using OpenID Connect implicit flow and form_post.

Ignoring how IDP1 authenticates the user, apart from the fact that successful auth results in a cookie in IDP1 domain.

Notable: the ID Token might not contain user profile info, accessible via UserInfo call from the server (no user agent access) in case of hybrid variant.
@timcappalli timcappalli mentioned this issue Sep 27, 2021
Closed
@hlflanagan
Copy link

This has already been broken by samesite; it is more a philosophical question regarding whether a cookie set by a third party for an originating (first party) domain, is that cookie a third party cookie or a first party cookie?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hlflanagan @timcappalli