Reputation: 178
The documentation tells me that I have to display the login UI if Hydra tells me to.
"The endpoint handler at /login must not remember previous sessions. This task is solved by ORY Hydra. If the REST API call tells you to show the login ui, you must show it. If the REST API tells you to not show the login ui, you must not show it. Again, do not implement any type of session here."
But why is that? Is there no secure way to reuse an existing user session?
Upvotes: 1
Views: 951
Reputation: 11
Not if you want to stay compliant with OpenID Connect.
This might be a bit of a read for you :) but ORY documents things about OpenID Connect very well, and you will find a lot of answers here:
https://www.ory.sh/hydra/docs/oauth2/
Upvotes: 1
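Added example (not part of the original question or answer, and not ORY's own code): a login endpoint that keeps no session of its own and follows the `skip` field of Hydra's login request, so Hydra stays the single place that decides when re-authentication is required. The `fakeHydra` object, the challenge values and the redirect URL are constructed stand-ins, and the method names `getLoginRequest` / `acceptLoginRequest` are assumed to mirror Hydra's admin API client.

```javascript
// Constructed stand-in for Hydra's admin API (no network). Field names follow
// Hydra's login request JSON (skip, subject); challenge values are made up.
const fakeHydra = {
  requests: {
    'challenge-fresh': { skip: false, subject: '' },
    'challenge-known': { skip: true, subject: 'user-123' },
  },
  accepted: [],
  async getLoginRequest(challenge) {
    const r = this.requests[challenge];
    if (!r) throw new Error('unknown login challenge');
    return r;
  },
  async acceptLoginRequest(challenge, body) {
    this.accepted.push({ challenge, body });
    return { redirect_to: 'https://hydra.example/oauth2/auth?login_verifier=constructed' };
  },
};

// GET /login: the decision comes from Hydra alone. The app's own cookies
// (appCookies) are passed in only to show that they are never consulted.
async function loginEndpoint(hydra, challenge, appCookies) {
  const req = await hydra.getLoginRequest(challenge);
  if (req.skip) {
    // Hydra already authenticated this user: accept with Hydra's subject.
    const res = await hydra.acceptLoginRequest(challenge, { subject: req.subject });
    return { action: 'redirect', to: res.redirect_to };
  }
  // Hydra requires a fresh login (e.g. first visit, or the client sent prompt=login).
  return { action: 'show_login_ui', challenge };
}

// POST /login: after the credentials were verified, let Hydra remember the session.
async function loginSubmit(hydra, challenge, userId, rememberMe) {
  const res = await hydra.acceptLoginRequest(challenge, {
    subject: userId,
    remember: rememberMe,
    remember_for: 3600, // seconds; assumed value
  });
  return { action: 'redirect', to: res.redirect_to };
}
```

A stale application cookie cannot bypass a re-authentication that Hydra demands, because the handler never reads one.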