The diagram below contains the OIDC flow.
On Thu, Jun 21, 2018 at 7:19 AM, Hasini Witharana <[email protected]> wrote:

> Hi all,
>
> I am implementing an OpenID Connect (OIDC) handler for Apache Sling. In an
> OIDC request there is a parameter called state. Below is the definition
> given to state in the OIDC specification [1].
>
> state RECOMMENDED. Opaque value used to maintain state between the
> request and the callback. Typically, Cross-Site Request Forgery (CSRF,
> XSRF) mitigation is done by cryptographically binding the value of this
> parameter with a browser cookie.
>
> I want to store the state value in a HashMap against a unique parameter
> such as a browser cookie. Is there any implementation in Sling to take the
> browser cookie, or what should I use instead of a cookie?
>
> Thank You.
>
> [1] - https://openid.net/specs/openid-connect-basic-1_0.html
>
> --
> *Hasini Witharana*
> Undergraduate | Department of Computer Science and Engineering
> University of Moratuwa
> Linkedin <https://www.linkedin.com/in/hasini-witharana-185785109/>

--
*Hasini Witharana*
Undergraduate | Department of Computer Science and Engineering
University of Moratuwa
Linkedin <https://www.linkedin.com/in/hasini-witharana-185785109/>
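Added example, not part of the original message and not Apache Sling code: one stateless way to bind `state` to a browser cookie as the quoted specification text describes, using an HMAC over the cookie value instead of the server-side HashMap the question proposes. The class name, method names and the demo key are assumptions; only standard JDK APIs are used.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical helper: binds the OIDC state parameter to a per-browser cookie.
public class OidcStateBinding {
    private static final SecureRandom RNG = new SecureRandom();
    private static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    private final SecretKeySpec key;

    public OidcStateBinding(byte[] serverSecret) {
        this.key = new SecretKeySpec(serverSecret, "HmacSHA256");
    }

    /** Random value to set as an HttpOnly, Secure cookie before redirecting to the provider. */
    public static String newCookieValue() {
        byte[] nonce = new byte[32];
        RNG.nextBytes(nonce);
        return B64.encodeToString(nonce);
    }

    /** state = HMAC-SHA256(serverSecret, cookieValue); sent in the authentication request. */
    public String stateFor(String cookieValue) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);
        return B64.encodeToString(mac.doFinal(cookieValue.getBytes(StandardCharsets.UTF_8)));
    }

    /** Callback check: the returned state must match the cookie this browser presents. */
    public boolean isValid(String cookieValue, String returnedState) throws GeneralSecurityException {
        if (cookieValue == null || returnedState == null) {
            return false; // missing cookie or missing state: reject the callback
        }
        byte[] expected = stateFor(cookieValue).getBytes(StandardCharsets.UTF_8);
        // Constant-time comparison so the check does not leak how many bytes matched.
        return MessageDigest.isEqual(expected, returnedState.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws GeneralSecurityException {
        byte[] secret = new byte[32]; // constructed demo key; a real key comes from configuration
        RNG.nextBytes(secret);
        OidcStateBinding binding = new OidcStateBinding(secret);
        String cookie = newCookieValue();
        String state = binding.stateFor(cookie);
        System.out.println(binding.isValid(cookie, state));           // cookie and state from the same browser
        System.out.println(binding.isValid(newCookieValue(), state)); // same state, a different browser's cookie
    }
}
```

Because the state is recomputed from the cookie at callback time, no per-request server-side storage is needed; the cookie should be cleared after one successful callback so a state value cannot be reused.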
