Endpoint to check session state as per OpenID Connect Session Management 1.0 - draft 5.
The relying party client creates an invisible iframe that embeds the URL to the endpoint (by setting it as the
src attribute of the
The endpoint accepts postMessage API requests from the iframe, and it postMessages back with the login status of the user in AM.
The endpoint is always accessed from the root realm. For example,
Note that this endpoint has been removed in later versions of the OpenID Connect Session Management draft. For an alternative method of checking session state, see "Retrieving Session State without the Check Session Endpoint".