[mitreid-connect] How is possible to put into a browser cookie the ID token?

Justin Richer jricher at mit.edu
Thu Aug 25 10:33:07 EDT 2016


Don't do that. The browser cookie needs to be between the RP and the 
browser, not the IdP and the browser. The demo application follows the 
correct pattern: use the ID token to establish authentication, then 
create a session in the application itself.


  -- Justin


On 8/25/2016 10:06 AM, Michael Furman wrote:
>
> Hi all,
>
> I want to put into a browser cookie the ID token after the OpenID 
> Connect implicit flow.
>
> I want to eliminate the redirects to the IdP for each request.
>
> How do I do it?
> Do we have any RFC that describes how to make an RP stateful?
>
> I do know that the demo simple-web-app adds a Jsession cookie after the 
> authentication.
>
> My question is whether we have some RFC, and therefore all RPs may be stateful.
> Thank you in advance for your help.
>
> Best regards,
>
> Michael
>
>
>
>

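The pattern recommended in the reply above, shown as an added example (not code from the thread, the demo application, or MITREid Connect): the RP validates the ID token once, then issues its own opaque session cookie and answers later requests from its own session store. Python stands in for the RP here; the issuer, client id, secret, cookie name, and HS256 signing are assumptions constructed for the example.

```python
import base64, hashlib, hmac, json, secrets, time
# Every value below is constructed for this example.
ISSUER, CLIENT_ID = "https://idp.example.org/", "rp-client"
CLIENT_SECRET = b"constructed-demo-secret"  # HS256 key (assumption; many IdPs use RS256)
SESSIONS = {}  # RP-side session store: session id -> {"sub", "expires"}

def b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))
def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def sign(head, body):
    return hmac.new(CLIENT_SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()

def make_id_token(claims):
    """Stand-in for the IdP, used only to build sample input."""
    head, body = b64e(json.dumps({"alg": "HS256"}).encode()), b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{b64e(sign(head, body))}"

def validate_id_token(token, expected_nonce, now):
    """Return the claims if signature, iss, aud, exp and nonce check out, else raise ValueError."""
    try:
        head, body, sig = token.split(".")
        header, claims, sig_raw = json.loads(b64d(head)), json.loads(b64d(body)), b64d(sig)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise TypeError("header and payload must be JSON objects")
    except Exception as exc:
        raise ValueError("malformed token") from exc
    if header.get("alg") != "HS256":  # pin the algorithm instead of trusting the header
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(sign(head, body), sig_raw):
        raise ValueError("bad signature")
    aud = claims.get("aud")
    if claims.get("iss") != ISSUER or CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong iss or aud")
    if claims.get("exp", 0) <= now or claims.get("nonce") != expected_nonce or "sub" not in claims:
        raise ValueError("expired, nonce mismatch or missing sub")
    return claims

def login(token, expected_nonce, now, ttl=1800):
    """Validate once, then give the browser an opaque RP session id, never the ID token."""
    claims = validate_id_token(token, expected_nonce, now)
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"sub": claims["sub"], "expires": now + ttl}
    return f"RPSESSION={sid}; Path=/; HttpOnly; Secure; SameSite=Lax"

def current_user(cookie_header, now):
    """Resolve later requests from the RP's own store; no redirect to the IdP is needed."""
    pairs = dict(p.strip().split("=", 1) for p in cookie_header.split(";") if "=" in p)
    sess = SESSIONS.get(pairs.get("RPSESSION", ""))
    return sess["sub"] if sess and sess["expires"] > now else None
```

The string returned by `login` is the value of a `Set-Cookie` header; the session lifetime is the RP's own choice and is independent of the ID token's `exp`.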