21Ara
OpenID Connect with a chain of Relying Parties
Is there a usage of OpenID Connect (OIDC) that allows for a chain of RP (terminology reference)
user -> RP#1
user <-redirect to chosen OP- RP#1
user -> OP: verifies identity
user <-redirects to RP#2- OP
user -> RP#2
user <-Signs this attestation and redirects to next RP in the chain- RP#2
user -> RP#1: Has an authenticated user by an OP, that is asserted by some other RP
The public component of RP#2's key could live at some /.well-known [link] path on RP#2
Why would someone want this?
It's useful if you need to authenticate a user from some other system that does not implement OIDC.
