This repository was archived by the owner on Feb 25, 2019. It is now read-only.
OIDC Sessions #138
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Support for the OpenID Connect Session Management spec was recently added to the Anvil Connect server and browser client code. This specification defines the mechanism used by Google to achieve Single Sign-On between properties such as Gmail and Youtube. Beyond sharing user accounts, OIDC Sessions allow for authentication state to be shared between apps in such a way that once a user logs into one app, the others can be accessed without addition authentication steps on the part of the user. Logout and other session changes are shared between apps as well. Here's a screencast demonstrating the feature.
To achieve the immediate change to session state on separate hosts demonstrated in the screencast, we employed Server-Sent Events. This is behavior is in addition to that specified in the OpenID Connect docs.
Our implementation should be considered beta. There are likely to be a few bugs. It works with two instances of our AngularJS example app running on different hosts with different client credentials.
This feature requires review, additional testing in different environments, and documentation.
The text was updated successfully, but these errors were encountered: