[jira] [Updated] (SLING-13099) OIDC: Adjust org.apache.sling.auth.oauth_client.impl.SlingUserInfoProcessorImpl's OSGi config to support storing ID tokens

[Martin Knyazyan (Jira)]

     [ 
https://issues.apache.org/jira/browse/SLING-13099?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Martin Knyazyan updated SLING-13099:
------------------------------------
    Summary: OIDC: Adjust 
org.apache.sling.auth.oauth_client.impl.SlingUserInfoProcessorImpl's OSGi 
config to support storing ID tokens  (was: Adjust 
org.apache.sling.auth.oauth_client.impl.SlingUserInfoProcessorImpl's OSGi 
config to support storing ID tokens)

> OIDC: Adjust 
> org.apache.sling.auth.oauth_client.impl.SlingUserInfoProcessorImpl's OSGi 
> config to support storing ID tokens
> --------------------------------------------------------------------------------------------------------------------------
>
>                 Key: SLING-13099
>                 URL: https://issues.apache.org/jira/browse/SLING-13099
>             Project: Sling
>          Issue Type: New Feature
>          Components: Extensions
>            Reporter: Martin Knyazyan
>            Priority: Minor
>
> *The Issue:*
> When implementing {*}RP-initiated logout{*}, Okta (and similar providers) 
> requires the {{id_token_hint=<id_token>}} request parameter to successfully 
> terminate the session on the IDP side.
> *Technical Gap:*
> Currently, 
> {{org.apache.sling.auth.oauth_client.impl.SlingUserInfoProcessorImpl is 
> designed to store the access_token and refresh_token }}on the user node. 
> Since the *ID token* is not persisted, we cannot retrieve it to complete the 
> logout handshake OOTB.
> *Improvement:*
> We need a standardized process within the OIDC implementation to store and 
> access *ID tokens* on the user node, similar to how access and refresh tokens 
> are handled.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)