[siop] Definition of the same-device and cross-device flows #8
Comments
Imported from AB/Connect bitbucket - Original Commenter: jermiller
It’s not practical or sometimes even possible for implementations to even detect when this third model is happening. The RP cannot know the OP is on the same device, and the OP upon getting a deep link may not be given permission to any referrer information by the platform as to the origin of the request. It will result in a very poor user experience, where they will be left in the OP after the response and have to self navigate back to the RP app/page on the same device. I still strongly believe the HTTP POST response should always have the ability to result in a redirect in same device AND cross device flows. This guarantees the RP some way of communicating with the user even if they just want to display a custom success page. This is especially important if something went wrong in the response, such as if potential phishing was detected by the RP and they need to communicate to the user.
Imported from AB/Connect bitbucket - Original Commenter: KristinaYasuda
Vittorio gave feedback on the Jan-5th-2023 SIOP call that same-device and cross-device both should be first-class citizens in SIOPv2 and OID4VP.
Imported from AB/Connect bitbucket - Original Commenter: KristinaYasuda
I would have to think a little more, but my two cents right now would be to stop using the terms same-device and cross-device altogether. In OpenID4VP and SIOPv2, we can replace
Imported from AB/Connect bitbucket - Original Commenter: KristinaYasuda
I really need to do a PR: https://bitbucket.org/openid/connect/pull-requests/404#comment-361285488
Imported from AB/Connect bitbucket: https://bitbucket.org/openid/connect/issues/1448
Original Reporter: KristinaYasuda
There is a model that falls out of definitions of both same-device and cross-device flows in SIOP v2 specification. It’s when the flow starts and ends on one device, but the response_mode used is the same as if separate devices are involved. A table below might help:
Below is the current definition of the same-device and cross-device flows in SIOP v2 specification.
We could modify the definition or we could add a note to accommodate a third model…