Hi all, I am implementing OpenID Connect protocol for Sling. First, Sling is sending an authorization request to Google( OpenID Connect Provider - OP). This request contains an attribute call state. State is a string object.
If the authorization is successful Google will send a response with an authorization code. This response contains the same attribute state. This state value and the request's state value must be same. Then only we can validate the response. To implement the this, I need to store the first state value somewhere. The authorization code is valid for like 5 minutes. So the state value is only needed to be stored for like 5 minutes. Therefore I thought to use a simple cache for this purpose. I would like to get your opinions for this. Thank You. -- *Hasini Witharana* Undergraduate | Department of Computer Science and Engineering University of Moratuwa Linkedin <https://www.linkedin.com/in/hasini-witharana-185785109/>
