On Thu, 2018-06-21 at 21:58 +0530, Hasini Witharana wrote:
> Below diagram contains the OIDC flow.

(snip)

It seems your diagram references a missing image file. But let's do this 'inline'.

My understanding is that the flow (roughly) is the following:

1. User accesses Apache Sling login page - the login page contains a link to an external OAuth provider (Google)
2. User accesses 'Login with Google' link - the page now changes to Google's
3. User logs in to Google (if needed) and authorizes the sharing of identity and maybe other data
4. Google redirects the user to the Apache Sling page with an encoded message which contains the requested data

Is that correct? The question is, in which step do you want to use a cookie and why?

Thanks,
Robert
