Managing OpenID Connect User Sessions

Logging in to the OpenID provider and obtaining tokens are well-stabilized processes in the OpenID specification. However, keeping the relying party informed of the session's validity is not as straightforward. The end user's session in AM is unavailable to the relying party, and therefore, the only information the relying party has is the expiration time of the ID token, which may be undesirable.

To solve this problem, AM supports different OpenID Connect specifications:

OpenID Connect Session Management

Relying parties can request session information from AM, and act on it. For example, they can request the user to log in.

Relying parties can also request AM to log out a user.

OpenID Connect Backchannel Logout

AM sends a logout token to the relevant relying parties when a user session linked to an ID token has become invalid.

Read a different version of :