Security/Guidelines/OpenID connect: Difference between revisions

Jump to navigation Jump to search

Security/Guidelines/OpenID connect (view source)

Revision as of 23:43, 21 April 2017

238 bytes added ,  21 April 2017
Automated sync from https://github.com/mozilla/wikimo_content
(Automated sync from https://github.com/mozilla/wikimo_content)
(Automated sync from https://github.com/mozilla/wikimo_content)
Line 142: Line 142:
** This issues a new ID token, with new attributes if they have changed.
** This issues a new ID token, with new attributes if they have changed.
** This may also renew the ID token expiration time.
** This may also renew the ID token expiration time.
** This is generally done with the parameter <code>prompt=none</code> while calling the OpenID Connect <code>authorize</code> endpoint. See also [http://openid.net/specs/openid-connect-implicit-1_0.html#RequestParameters specifications].
* The web application (RP) can '''optionally''' provide a <code>logout</code> URL, which the OpenID Connect Provider (OP) can call to indicate if a user has logged out (so that the web application immediately know when to log the user out as well).
* The web application (RP) can '''optionally''' provide a <code>logout</code> URL, which the OpenID Connect Provider (OP) can call to indicate if a user has logged out (so that the web application immediately know when to log the user out as well).


Gdestuynder
Confirmed users
502

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/1168983"

Navigation menu