Open ViRuSTriNiTy opened 4 years ago
Hi there,
the article https://mcguirev10.com/2019/12/16/blazor-login-expiration-with-openid-connect.html shows a class for auth and cache data with a property SubjectId. This property is later initialized from the sid claim. This is misleading because the sid claim is actually the session id.
Reference: https://openid.net/specs/openid-connect-frontchannel-1_0.html#rfc.section.3
sid Session ID - String identifier for a Session. This represents a Session of a User Agent or device for a logged-in End-User
The subject ID should be retrieved from the http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier claim instead.
The documentation and source code should be updated accordingly to avoid confusion.
So lonG Daniel
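The distinction raised in this issue, as an added example that is not part of the original post or of the article's code: the subject identifier stays the same across a user's logins, while `sid` changes with each session. The `ClaimReader` and `Demo` names, the fallback to a raw `sub` claim, and all claim values are assumptions constructed for illustration.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Security.Claims;

public static class ClaimReader
{
    // Subject identifier: stable per end-user. The fallback to a raw "sub"
    // claim covers setups where claim-type mapping is disabled (assumption).
    public static string? GetSubjectId(ClaimsPrincipal user) =>
        user.FindFirst(ClaimTypes.NameIdentifier)?.Value
        ?? user.FindFirst("sub")?.Value;

    // Session identifier: one per logged-in user agent or device.
    public static string? GetSessionId(ClaimsPrincipal user) =>
        user.FindFirst("sid")?.Value;
}

public static class Demo
{
    // Constructed principal standing in for what the OIDC handler produces.
    static ClaimsPrincipal Login(string subject, string session) =>
        new ClaimsPrincipal(new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.NameIdentifier, subject),
            new Claim("sid", session),
        }, authenticationType: "oidc-demo"));

    public static void Main()
    {
        // The same end-user signed in from two browsers (constructed values).
        var laptop = Login("user-0001", "session-aaaa");
        var phone = Login("user-0001", "session-bbbb");

        var bySubject = new HashSet<string?>();
        var bySession = new HashSet<string?>();
        foreach (var principal in new[] { laptop, phone })
        {
            bySubject.Add(ClaimReader.GetSubjectId(principal));
            bySession.Add(ClaimReader.GetSessionId(principal));
        }

        // Per-user data belongs under the subject key; per-login data under sid.
        Console.WriteLine($"distinct subjects: {bySubject.Count}");
        Console.WriteLine($"distinct sessions: {bySession.Count}");
    }
}
```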