
Add consent context to OpenID Connect?

What is the recommended way of adding consent context to an OpenID Connect session?

E.g. you want to add some context that will be displayed to the user in the authentication app dialogue?

One idea might be:

1. Create a backend service used to send in context data by the app requiring authentication, and that returns a session id
2. Add this session id as "nonce" in the initial call of the OpenID Connect protocol
3. Let the authentication app read the context based on the session id in the nonce field
4. The nonce value will be returned in the id_token, and can be verified by the app requesting authentication

Is this a way of doing this, or is there any better way?
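The four steps in the question, written out as an added example (not code from the original post). The in-memory store, the endpoint URLs, the client id and every function name are assumptions made for illustration; the sample ID token is constructed and unsigned, and a real token's signature, `iss`, `aud` and `exp` must be validated before the nonce check.

```python
import base64, hmac, json, secrets, time
from urllib.parse import urlencode

CONTEXT_TTL = 300   # assumed lifetime of a stored context, in seconds
_store = {}         # stands in for the backend service's storage (assumption)

def create_context(text):
    """Step 1: store the consent context and return an unguessable session id."""
    sid = secrets.token_urlsafe(32)
    _store[sid] = {"text": text, "expires": time.time() + CONTEXT_TTL, "used": False}
    return sid

def authorization_url(endpoint, client_id, redirect_uri, sid):
    """Step 2: send the session id as the nonce of the authentication request."""
    return endpoint + "?" + urlencode({
        "response_type": "code", "scope": "openid", "client_id": client_id,
        "redirect_uri": redirect_uri, "state": secrets.token_urlsafe(16), "nonce": sid})

def read_context(sid):
    """Step 3: the authentication app reads the context once, by session id."""
    entry = _store.get(sid)
    if entry is None or entry["used"] or entry["expires"] < time.time():
        return None
    entry["used"] = True   # single use: a replayed id gets no context
    return entry["text"]

def id_token_claims(id_token):
    """Decode the payload segment only; signature validation is not shown."""
    payload = id_token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def nonce_matches(id_token, sid):
    """Step 4: the requesting app compares the returned nonce in constant time."""
    nonce = id_token_claims(id_token).get("nonce", "")
    return isinstance(nonce, str) and hmac.compare_digest(nonce.encode(), sid.encode())

def constructed_id_token(claims):
    """Constructed, unsigned sample token for this demo; real tokens are signed."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return enc({"alg": "none"}) + "." + enc(claims) + "."

if __name__ == "__main__":
    sid = create_context("Approve payment of 100 EUR to Example Shop")
    print(authorization_url("https://op.example/authorize", "client-1",
                            "https://app.example/cb", sid))
    print(read_context(sid))
    print(nonce_matches(constructed_id_token({"sub": "u1", "nonce": sid}), sid))
```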