Stored consent given by users to non-trusted client applications

anvilresearch / connect

A modern authorization server built to authenticate your users and protect your APIs

http://anvil.io

MIT License

361 stars 85 forks source link

Stored consent given by users to non-trusted client applications #281

Closed EternalDeiwos closed 8 years ago

EternalDeiwos commented 8 years ago

As far as I know this isn't mentioned anywhere in the spec but it seems to be a common feature in current implementations of OIDC such as Google, GitHub and Facebook.

EternalDeiwos commented 8 years ago

Current behavior is to ask for after each login.

christiansmith commented 8 years ago

This looks like a duplicate of #26. We can probably sort it out in one or two pairing sessions.

christiansmith commented 8 years ago

Great work on #299 @EternalDeiwos. Thanks!