/oauth2/connect/checkSession

Endpoint to check session state as per OpenID Connect Session Management 1.0 - draft 5.

The relying party client creates an invisible iframe that embeds the URL to the endpoint (by setting it as the src attribute of the iframe tag).

The endpoint accepts postMessage API requests from the iframe, and it postMessages back with the login status of the user in AM. The endpoint is always accessed from the AM URL, without specifying a realm. For example, https://tenant-name.forgeblocks.com/am/oauth2/connect/checkSession.

Note that this endpoint has been removed in later versions of the OpenID Connect Session Management draft. For an alternative method of checking session state, see oidc1-guide:sessions-management.adoc.