External session management #1400
Replies: 1 comment 3 replies
-
|
You can certainly achieve this without additional support from the library, the cookie and session format is not a mystery, sessions are already backed by your own provided adapter, the Session class is exposed on Provider instance. |
Beta Was this translation helpful? Give feedback.
-
|
It definitely isn't a secret. But the library hard codes behaviors around it. It doesn't seem possible to get it to read the session data from an external source entirely. As in, not even generate a session IDbor store sessions in the adapter, and rely on a session maintained outside the library. P.S. Any proper place for community questions? |
Beta Was this translation helpful? Give feedback.
-
|
I misunderstood your idea then. Externalizing the session handling is a non-goal. Externally managed and established sessions can certainly be an input to your user interaction handlers, such as making them effectively a no-op. But that's about it. |
Beta Was this translation helpful? Give feedback.
-
|
Then I guess I just deal with the two sessions then...? Its also needed to logout the provider session when logging out the appsnown session for example. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
When using oidc-provider to add OIDC to an existing web app that already has an auth mechanism, oidc-provider will still create it's own auth session after an interaction ends, it could be useful to support integrating external auth sessions like this, so that both logging in directly without an OIDC interaction can already create the necessary things in the session for later login using OIDC, and for oidc-provider to fetch those from the external session instead of having to create its own session cookie.
Beta Was this translation helpful? Give feedback.
All reactions