OpenId COnnect Session Management support?


#1

Hi,

As far as I could find, Hydra doesn’t support the Session Management part of OpenID Connect, correct?

Are there any plans to add it? Or does it not make sense in the context of Hydra to support that part of OpenID Connect?

TIA,

Paul


#2

Just to give some more context: am trying to use OpenID Connect through Hydra to seamlessly log in 3rd party apps (that must support OpenID Connect) w/o user interaction inside a portal app where the user is already authenticated using OpenId Connect.

To my knowledge OpenID Connect can be utilized for this (see http://openid.net/specs/openid-connect-core-1_0.html#ThirdPartyInitiatedLogin), although I haven’t figured out exactly how this works.

And I think I need the Session stuff automatically log out the 3rd party apps when the user logs out of the portal

If I’m going about this the wrong way or if OpenID Connect is not the tool to do this, feel free to correct me :slight_smile:


#3

The spec is a draft and has terrible developer experience (IMO) and very little support in regards to libraries and has no way of testing (officially) if it’s implemented correctly. Additionally, there are some things like global logout which we can’t implement with the current login / consent flow IIRC.

However, feel free to discuss implementation ideas in this issue: https://github.com/ory/hydra/issues/834

If there is a way to get a clean experience on this, it would be worth checking that out.

Please note that hydra supports logout of users and individual browser sessions.