[mitreid-connect] How is possible to put into a browser cookie the ID token?
Justin Richer
jricher at mit.edu
Thu Aug 25 10:33:07 EDT 2016
Don't do that. The browser cookie needs to be between the RP and the
browser, not the IdP and the browser. The demo application follows the
correct pattern: use the ID token to establish authentication, then
create a session in the application itself.
-- Justin
On 8/25/2016 10:06 AM, Michael Furman wrote:
>
> Hi all,
>
> I want to put into a browser cookie the ID token after the OpenID
> Connect implicit flow.
>
> I want to eliminate the redirects to IDP for each request.
>
> How to do it?
> Do we have any RFC that describes how to make RP stateful?
>
> I do know that the demo simple-web-app adds Jsession cookie after the
> authentication.
>
> My question is if we have some RFC and therefore all RPs may be stateful.
> Thank you in advance for your help.
>
> Best regards,
>
> Michael
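The pattern described in the reply (validate the ID token once, then keep a session that belongs to the RP), as an added sketch that is not part of the thread and is not MITREid Connect or simple-web-app code. It assumes an HS256-signed ID token keyed with the client secret so that it runs on the standard library alone, plus an in-memory session store; the issuer, client id, cookie name and all function names are hypothetical.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed values for this example; none come from the thread.
ISSUER, CLIENT_ID = "https://idp.example.org/", "rp-client"
CLIENT_SECRET = b"constructed-client-secret"   # assumed HS256 key shared with the IdP
SESSION_TTL = 1800                              # RP session lifetime in seconds
SESSIONS = {}                                   # opaque id -> {"sub", "expires"}

def b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_sample_token(claims, key=CLIENT_SECRET):  # stand-in for the IdP
    head = b64e(b'{"alg":"HS256"}') + "." + b64e(json.dumps(claims).encode())
    return head + "." + b64e(hmac.new(key, head.encode(), hashlib.sha256).digest())

def verify_id_token(token, nonce, now):
    """Return the claims of a valid ID token, else raise ValueError."""
    try:
        h, p, s = token.split(".")
        header, claims, sig = json.loads(b64d(h)), json.loads(b64d(p)), b64d(s)
    except ValueError:
        raise ValueError("malformed token") from None
    if not (isinstance(header, dict) and isinstance(claims, dict)) or header.get("alg") != "HS256":
        raise ValueError("unexpected header or alg")
    mac = hmac.new(CLIENT_SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, sig):
        raise ValueError("bad signature")
    aud = claims.get("aud")
    if claims.get("iss") != ISSUER or CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong issuer or audience")
    if claims.get("exp", 0) <= now or claims.get("nonce") != nonce:
        raise ValueError("expired token or nonce mismatch")
    return claims

def login(token, nonce, now=None):
    """Consume the ID token once, then issue the RP's own session cookie."""
    now = time.time() if now is None else now
    claims = verify_id_token(token, nonce, now)
    sid = secrets.token_urlsafe(32)             # the cookie carries only this id
    SESSIONS[sid] = {"sub": claims["sub"], "expires": now + SESSION_TTL}
    return f"rp_session={sid}; HttpOnly; Secure; SameSite=Lax; Path=/"

def current_user(sid, now=None):
    """Per-request check: a local lookup, no redirect to the IdP."""
    session = SESSIONS.get(sid)
    live = session and session["expires"] > (time.time() if now is None else now)
    return session["sub"] if live else None
```

The cookie holds a random identifier rather than the ID token, so the session lifetime and logout are under the RP's control and the token itself is never replayed from the browser.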