If the login/consent/profile management is suppsed to be sessionless, how can we get the current user session, so that profile management could be built(change email, picture, list all authorized apps and be able to revoke them)
PS: I already figured out the authorized apps via the private api.
Only solution that I could think of(and is probably hacky way) is having the profile management be like a first party client, so he can skip the consent in a normal oauth/oidc auth flow and get verified user id and stuff.(I suppose this is like silent signin)