Does the OpenID Connect Spec provide specifications for the design of the browser cookie?
Question
The OpenID provider checks if a user is already authentication session created within the authorization server via a browser cookie. Does the OpenID Connect spec contain design specifications / lock down the parameters for the implementation of the browser cookie?
1 answers
solution1
2 ACCPTED 2017-11-03 14:57:29
不,这被认为是协议/交互规范的范围外-着重于同级之间的互操作性-并由授权服务器的实现者来决定。
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Does OpenID Connect standardize the OAuth 2 Authorization Endpoint?
How does a browser handle cookie with no path and no domain
What is the OpenID Connect access token for?
Why does document.cookie exist and when is it used by DOM in a browser?
How does my browser know to include a cookie in initial request?
Browser does not send cookies when cookie is set on a 303 redirect
CORS cookie not saved in browser
Cookie is not set automatically by the browser
Is the cookie dependent on the browser?
Delete cookie from browser?
Related Tags