OpenID Connect with a chain of Relying Parties

Çağlar Arlı

Is there a usage of OpenID Connect (OIDC) that allows for a chain of RPs (terminology reference)?

user -> RP#1
user <-redirect to chosen OP- RP#1
user -> OP: verifies identity
user <-redirects to RP#2- OP
user -> RP#2
user <-Signs this attestation and redirects to next RP in the chain- RP#2
user -> RP#1: Has an authenticated user by an OP, that is asserted by some other RP

The public component of RP#2's key could live at some /.well-known path on RP#2.

Why would someone want this?
It's useful if you need to authenticate a user from some other system that does not implement OIDC.
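
The last step of the flow above, sketched as an added example that is not part of the original post: RP#1 accepts RP#2's signed attestation only if the signature matches RP#2's published key and the claims are bound to RP#1's own login request. The Ed25519 key, the `payload.signature` encoding, the claim names (borrowed from OIDC ID token conventions), the function names and all hostnames are assumptions; in a deployment RP#1 would obtain the public key from RP#2's /.well-known path over TLS instead of generating it inline.

```javascript
const crypto = require('node:crypto');

const b64u = (data) => Buffer.from(data).toString('base64url');

// RP#2 side (hypothetical helper): sign claims about the user the OP authenticated.
function signAttestation(claims, privateKey) {
  const payload = b64u(JSON.stringify(claims));
  const sig = crypto.sign(null, Buffer.from(payload), privateKey); // Ed25519 takes no digest name
  return `${payload}.${b64u(sig)}`;
}

// RP#1 side: check the signature first, then that the claims belong to this login.
function verifyAttestation(token, rp2PublicKey, expected, nowSec) {
  const [payload, sig] = String(token).split('.');
  if (!payload || !sig) return { ok: false, reason: 'malformed' };
  const valid = crypto.verify(null, Buffer.from(payload), rp2PublicKey,
                              Buffer.from(sig, 'base64url'));
  if (!valid) return { ok: false, reason: 'bad signature' };
  const c = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  // iss: who asserted it; aud: who it was issued for (stops reuse at another RP).
  if (c.iss !== expected.iss) return { ok: false, reason: 'wrong issuer' };
  if (c.aud !== expected.aud) return { ok: false, reason: 'wrong audience' };
  // nonce: the value RP#1 generated when it started this login (stops replay).
  if (c.nonce !== expected.nonce) return { ok: false, reason: 'nonce mismatch' };
  if (typeof c.exp !== 'number' || c.exp <= nowSec) return { ok: false, reason: 'expired' };
  return { ok: true, sub: c.sub, op: c.op };
}

// Constructed sample data: key pair, hostnames, nonce and timestamps are made up.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const now = 1700000000;
const expected = {
  iss: 'https://rp2.example',
  aud: 'https://rp1.example',
  nonce: 'n-constructed-1',
};
const token = signAttestation(
  { ...expected, sub: 'user-123', op: 'https://op.example', exp: now + 60 },
  privateKey
);

console.log(verifyAttestation(token, publicKey, expected, now));
console.log(verifyAttestation(token, publicKey, { ...expected, nonce: 'other-login' }, now));
```
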