Hi Asela,

We take the session updated time as the new auth_time.

Thank you.

On Tue, Aug 29, 2017 at 5:59 PM, Asela Pathberiya <[email protected]> wrote:

> On Tue, Aug 29, 2017 at 4:29 PM, Hasini Witharana <[email protected]> wrote:
>
>> Hi Asela,
>>
>> If SP sends a force auth request, we update the existing session.
>
> So, are we generating a new auth_time when the session is updated?
>
>> Thanks,
>> Hasini
>>
>> On Wed, Aug 23, 2017 at 1:27 PM, Asela Pathberiya <[email protected]> wrote:
>>
>>> On Wed, Aug 23, 2017 at 12:46 PM, Hasini Witharana <[email protected]> wrote:
>>>
>>>> Hi,
>>>>
>>>> In the OIDC specification auth_time is defined as below. [1]
>>>>
>>>> Time when the End-User authentication occurred. Its value is a JSON
>>>> number representing the number of seconds from 1970-01-01T0:0:0Z as
>>>> measured in UTC until the date/time. When a max_age request is made or
>>>> when auth_time is requested as an Essential Claim, then this Claim is
>>>> REQUIRED; otherwise, its inclusion is OPTIONAL.
>>>>
>>>> In the current implementation, when the user is authenticated for the
>>>> first time using user credentials, auth_time is considered as the session
>>>> created time. After that, when the user is implicitly logged in using a
>>>> cookie without giving user credentials, auth_time is considered as the
>>>> session updated time.
>>>
>>> If SP sends a force auth request, are we creating a new session or
>>> updating the existing session?
>>>
>>> If max_age is expired, does SP need to send a force auth request or
>>> just an authentication request?
>>>
>>> Thanks,
>>> Asela.
>>>
>>>> I think the auth_time should be the first time the user authenticated
>>>> using credentials.
>>>> [2] is the fix made for this issue.
>>>>
>>>> Thank you.
>>>>
>>>> [1] - http://openid.net/specs/openid-connect-core-1_0.html
>>>> [2] - https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/455
>>>>
>>>> --
>>>> *Hasini Witharana*
>>>> Software Engineering Intern | WSO2
>>>> *Email : [email protected]*
>>>> *Mobile : +94713850143*
>>>
>>> --
>>> Thanks & Regards,
>>> Asela
>>>
>>> ATL
>>> Mobile : +94 777 625 933
>>> +358 449 228 979
>>>
>>> http://soasecurity.org/
>>> http://xacmlinfo.org/
>>
>> --
>> *Hasini Witharana*
>> Software Engineering Intern | WSO2
>> *Email : [email protected]*
>> *Mobile : +94713850143*
>
> --
> Thanks & Regards,
> Asela
>
> ATL
> Mobile : +94 777 625 933
> +358 449 228 979
>
> http://soasecurity.org/
> http://xacmlinfo.org/

--
*Hasini Witharana*
Software Engineering Intern | WSO2
*Email : [email protected]*
*Mobile : +94713850143*
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
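
The following is an added example, not part of the thread and not WSO2 code. It models the two ways of choosing auth_time discussed above and shows how each one affects a relying party's max_age check on the ID token. The `Session` fields, the policy names and the timestamps are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Session:                    # hypothetical IdP session record
    created: int                  # first login with credentials (epoch seconds)
    updated: int                  # last session update, cookie-based SSO included
    last_credential_auth: int     # last time credentials were actually presented

def auth_time_claim(s: Session, policy: str) -> int:
    """IdP side: pick the value issued as auth_time under one of two policies."""
    if policy == "session_updated":   # every session update moves auth_time forward
        return s.updated
    if policy == "credential_auth":   # only a real (re)authentication moves it
        return s.last_credential_auth
    raise ValueError(f"unknown policy: {policy}")

def rp_accepts(claims: dict, max_age: Optional[int], now: int, skew: int = 0) -> bool:
    """RP side: when max_age was requested, auth_time is REQUIRED and must be fresh."""
    if max_age is None:
        return True                   # auth_time is optional without max_age
    auth_time = claims.get("auth_time")
    if isinstance(auth_time, bool) or not isinstance(auth_time, (int, float)):
        return False                  # missing or not a JSON number: reject
    if auth_time > now + skew:
        return False                  # authentication "in the future": reject
    return now - auth_time <= max_age + skew

def scenario() -> dict:
    t0 = 1503990000                   # constructed timestamp: credential login
    now = t0 + 7200                   # two hours later, cookie-based SSO
    s = Session(created=t0, updated=now, last_credential_auth=t0)
    out = {p: rp_accepts({"auth_time": auth_time_claim(s, p)}, 900, now)
           for p in ("session_updated", "credential_auth")}
    # Force auth: credentials are presented again and the session is updated.
    s.last_credential_auth = s.updated = now + 60
    out["after_force_auth"] = rp_accepts(
        {"auth_time": auth_time_claim(s, "credential_auth")}, 900, now + 60)
    out["missing_claim"] = rp_accepts({}, 900, now)
    return out

if __name__ == "__main__":
    print(scenario())
```

With max_age=900, the "session_updated" policy lets a two-hour-old credential login pass the check after a cookie login, while "credential_auth" fails it until the user re-authenticates.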
