Session 2.2.1 - Refresh Session characterization misleading

Issue #369 resolved
Michael Jones
created an issue

Yaron Goland wrote this about the "Refresh Session" section:

There is no refresh. There is just logging the user in again. Note that this might be invisible to the user if it turns out that the user’s login session lasts longer than the client’s id token. But nevertheless there is another visit back to the authorization server to get a new id token and it works just like all other login requests, nothing new or magical.

Comments (2)

  1. Log in to comment