Revise OAuth session and token identifier claims sid
, psid
, jti
etc.
#430
Labels
enhancement
New feature or request
sid
, psid
, jti
etc.
#430
Some custom Seacat claims clash with officially registered claims (https://www.iana.org/assignments/jwt/jwt.xhtml).
Current state in Seacat Auth
psid
claim contains "root" session IDsid
claim contains "client" Session IDjti
claim is not usedProposal
sid
is registered as "Session ID" for the purpose of SSO login and logout. In Seacat Auth this should correspond to the "root" session ID.jti
is registered as "JWToken ID" for the purpose of revoking the token, checking its uniqueness etc. This would have to be implemented.csid
(Client Session ID) to refer to the seacat client session id.The text was updated successfully, but these errors were encountered: