simplesamlphp-module-oidc icon indicating copy to clipboard operation
simplesamlphp-module-oidc copied to clipboard

Published 20 hours ago verified publisher icon simplesamlphp

Parameter "id_token_hint" is ignored

Open sgomez opened this issue 4 years ago • 2 comments

According https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.1.2.1

id_token_hint is a ID Token previously issued by the Authorization Server being passed as a hint about the End-User's current or past authenticated session with the Client.

This parameter is ignored

sgomez avatar May 04 '21 07:05 sgomez

Currently Microsoft has an External Authentication Method [1] in preview that allows 3rd party OIDC providers to provide Entra ID MFA for Azure based applications. The authorization call contains a signed id_token_hint that needs to be parsed and verified and requires the OP to return the authorization result as a form_post. It would be nice if the simpleSAMLphp OIDC module would support these requests.

[1] https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-external-method-provider#microsoft-entra-id-call-to-the-external-identity-provider

mrvanes avatar Dec 02 '24 18:12 mrvanes

Note for response mode related specs:

  • query, fragment (supported): https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html
  • form_post (not supported): https://openid.net/specs/oauth-v2-form-post-response-mode-1_0.html

cicnavi avatar Dec 03 '24 08:12 cicnavi