Overview
Sid needs some context.
OpenID Connect
Sid (Session ID) is defined in OpenID Connect Front-Channel Logout and OpenID Connect Back-Channel Logout as an OPTIONAL String identifier for a Session.
OpenID Connect Front-Channel Logout clearly defines the sid claim for use both as a parameter for frontchannel_logout_uri and as an ID Token claim:
- sid OPTIONAL. Session ID - String identifier for a Session. This represents a Session of a User Agent or device for a logged-in End-User at an RP. Different sid values are used to identify distinct sessions at an OP. The sid value need only be unique in the context of a particular issuer. Its contents are opaque to the RP. Its syntax is the same as an OAuth 2.0 Client Identifier.
OpenID Connect Back-Channel Logout defines sid only for its use in the Logout Token:
2.4. Logout Token ... The following Claims are used within the Logout Token: ...
- sid OPTIONAL. Session ID - String identifier for a Session. This represents a Session of a User Agent or device for a logged-in End-User at an RP. Different sid values are used to identify distinct sessions at an OP. The sid value need only be unique in the context of a particular issuer. Its contents are opaque to the RP. Its syntax is the same as an OAuth 2.0 Client Identifier.
There has been a proposal that Back-Channel Logout 1.0 should also clearly define sid for its use as an ID Token claim.
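The following is an added example, not code from the specifications or from this page. It shows how an RP might use sid: it indexes local sessions by the pair (iss, sid), because sid is only unique per issuer, and compares sid as an opaque string. The class name, the local session ids and the issuer URLs are hypothetical, and the claims are assumed to come from tokens whose signature, aud and exp have already been validated. The events and nonce checks follow the Back-Channel Logout Logout Token rules.

```python
# Added example: RP-side session index keyed by (iss, sid).
# Assumes the claims were extracted from already-validated tokens.
# All issuers, sids and session ids below are constructed sample values.

BACKCHANNEL_EVENT = "http://schemas.openid.net/event/backchannel-logout"


class SessionIndex:
    def __init__(self):
        # (iss, sid) -> set of local RP session ids
        self._by_op_session = {}

    def record_login(self, id_token_claims, local_session_id):
        """Index a local session under the OP session named in the ID Token."""
        sid = id_token_claims.get("sid")
        if sid is None:  # sid is OPTIONAL; nothing to index
            return False
        key = (id_token_claims["iss"], sid)
        self._by_op_session.setdefault(key, set()).add(local_session_id)
        return True

    def logout(self, logout_token_claims):
        """Return the local sessions to terminate for a Logout Token's sid."""
        if BACKCHANNEL_EVENT not in logout_token_claims.get("events", {}):
            raise ValueError("not a back-channel logout token")
        if "nonce" in logout_token_claims:
            raise ValueError("logout token must not carry a nonce")
        sid = logout_token_claims.get("sid")
        if sid is None:
            raise ValueError("no sid; sub-based logout is outside this example")
        # sid is opaque to the RP: exact string match, never parsed.
        return self._by_op_session.pop((logout_token_claims["iss"], sid), set())


def demo():
    idx = SessionIndex()
    idx.record_login({"iss": "https://op-a.example", "sub": "alice", "sid": "s-001"}, "rp-sess-1")
    # Same sid string from a different issuer is a different session.
    idx.record_login({"iss": "https://op-b.example", "sub": "bob", "sid": "s-001"}, "rp-sess-2")
    idx.record_login({"iss": "https://op-a.example", "sub": "alice", "sid": "s-002"}, "rp-sess-3")
    token = {"iss": "https://op-a.example", "sid": "s-001", "events": {BACKCHANNEL_EVENT: {}}}
    return idx.logout(token), idx


if __name__ == "__main__":
    print(demo()[0])
```

Only the session matching both issuer and sid is ended; the other session of the same user at the same OP and the same-named sid at the other OP stay alive.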