Presenting multiple WebIDs in an ID Token #47
Comments
|
When using OpenID Connect, an identity provider should be authoritative for a single identity and therefore a single Instead, I would encourage you to look into delegation-base authentication flows, UMA-style claims pushing or Verifiable Credential-based auth as alternatives. |
That is not really true, though, since OpenID Connect does not specify anything about additional claims such as Thanks for the alternative suggestions, though. I'll look into them! |
Section 6.2 of the Solid-OIDC spec reads:
While this sentence implies that the token can only include a single WebID, it is perfectly possible for a user to have multiple WebIDs (cf. #46). In the use cases where an Identity Provider knows about more than one WebID, I believe it would be preferable to have the spec accept a list of them in the claim.
This would of course impact how Resource Servers (or their respective Authorization Server) have to deal with ID Tokens, but i.m.o. only for the better: users who indeed identify with multiple WebIDs would then be able to access all resources that they would otherwise be able to access with each of the WebIDs separately in multiple tokens.
Is something like this already proposed (I could not find it)? Do you think this is a good idea?
(I'm writing this about WebIDs, but this holds more generally for all kinds of "solid claims", cf. #26)
The text was updated successfully, but these errors were encountered: