تنفيذ تسجيل الخروج وإدارة الجلسة من OIDC: دليل كامل
استكشف التوثيق وإدارة الجلسة في OIDC بعمق. تعلم كيفية تنفيذ خروج OIDC المبادر من العميل و IdP والخروج عبر القناة الخلفية لتحقيق معالجة أمنة للجلسة.
Developer
ما هي إدارة الجلسة في OIDC
OpenID Connect (OIDC) هي طبقة هوية بسيطة مبنية على بروتوكول OAuth 2.0. تسمح للعملاء بالتحقق من هوية المستخدم النهائي بناءً على التوثيق الذي يتم بواسطة خادم التفويض، وكذلك للحصول على معلومات الملف الشخصي الأساسية عن المستخدم النهائي بطريقة قابلة للتشغيل المتبادل وشبيهة بالأمان في REST.
تم تصميم OIDC لتكون سهلة الاستخدام والتنفيذ، مع التركيز على البساطة والمرونة. هي مستخدمة على نطاق واسع لتسجيل الدخول الموحد (SSO) والتحقق من الهوية في تطبيقات الويب، وتطبيقات المحمول، وواجهات برمجة التطبيقات.
يعد فهم حالة التوثيق وإدارة الجلسات في OIDC أمرًا حاسمًا. توضح هذه المقالة كيفية إدارة جلسات OIDC وحالة توثيق المستخدم في سياق التفاعلات بين مزود الهوية (IdP) والطرف المعتمد (RP) أو مزود الخدمة (SP).
تتضمن هذه المقالة عدة مصطلحات رئيسية:
- مزود الهوية (IdP): هي الخدمة التي تخزن وتوثق هويات المستخدمين.
- مزود الخدمة (SP) أو الطرف المعتمد (RP): هو تطبيق ويب أو خدمة تقدم خدمات للمستخدمين وتعتمد على IdP لتوثيق المستخدم.
- جلسة تسجيل الدخول أو جلسة التوثيق: هي الجلسة التي تُنشأ عندما يقوم المستخدم بتسجيل الدخول إلى IdP.
- التصريح: هي المعلومات المركزية لتوثيق وإذن المستخدم التي يتم إنشاؤها وإدارتها بواسطة IdP.
- تسجيل الدخول الموحد (SSO): هي خدمة جلسة وتوثيق المستخدم التي تسمح للمستخدم باستخدام مجموعة واحدة من بيانات الدخول (مثل الاسم وكلمة المرور) للوصول إلى تطبيقات متعددة.
كيف يعمل تدفق توثيق OIDC
لفهم إدارة جلسة OIDC وحالة توثيق المستخدم بشكل أفضل، دعنا نراجع بإيجاز تدفق توثيق OIDC لتطبيق ويب:
' fill='transparent' y='0' x='979'/%3e%3ctext style='text-anchor: middle%3b font-size: 16px%3b font-weight: 400%3b font-family: arial%2c sans-serif%3b' class='text' alignment-baseline='central' dominant-baseline='central' y='8.5' x='1253.5'%3e%3ctspan dy='0' x='1253.5'%3eIdentity Provider (IdP)%3c/tspan%3e%3c/text%3e%3c/g%3e%3cg%3e%3crect class='rect' height='599' width='160' stroke='rgb(0%2c0%2c0%2c 0.5)' fill='transparent' y='0' x='236'/%3e%3ctext style='text-anchor: middle%3b font-size: 16px%3b font-weight: 400%3b font-family: arial%2c sans-serif%3b' class='text' alignment-baseline='central' dominant-baseline='central' y='8.5' x='316'%3e%3ctspan dy='0' x='316'%3eRelying Party (RP)%3c/tspan%3e%3c/text%3e%3c/g%3e%3cg%3e%3crect class='actor actor-bottom' ry='3' rx='3' name='SignIn' height='65' width='150' stroke='%23666' fill='%23eaeaea' y='524' x='1373'/%3e%3ctext style='text-anchor: middle%3b font-size: 16px%3b font-weight: 400%3b font-family: arial%2c sans-serif%3b' class='actor actor-box' alignment-baseline='central' dominant-baseline='central' y='556.5' x='1448'%3e%3ctspan dy='0' x='1448'%3eSign-in page%3c/tspan%3e%3c/text%3e%3c/g%3e%3cg%3e%3crect class='actor actor-bottom' ry='3' rx='3' name='OIDC' height='65' width='150' stroke='%23666' fill='%23eaeaea' y='524' x='984'/%3e%3ctext style='text-anchor: middle%3b font-size: 16px%3b font-weight: 400%3b font-family: arial%2c sans-serif%3b' class='actor actor-box' alignment-baseline='central' dominant-baseline='central' y='556.5' x='1059'%3e%3ctspan dy='0' x='1059'%3eOIDC provider%3c/tspan%3e%3c/text%3e%3c/g%3e%3cg%3e%3crect class='actor actor-bottom' ry='3' rx='3' name='Client' height='65' width='150' stroke='%23666' fill='%23eaeaea' y='524' x='241'/%3e%3ctext style='text-anchor: middle%3b font-size: 16px%3b font-weight: 400%3b font-family: arial%2c sans-serif%3b' class='actor actor-box' alignment-baseline='central' dominant-baseline='central' y='556.5' x='316'%3e%3ctspan dy='0' x='316'%3eClient application%3c/tspan%3e%3c/text%3e%3c/g%3e%3cg/%3e%3cg%3e%3cline name='SignIn' stroke='%23999' stroke-width='0.5px' class='actor-line 200' y2='524' x2='1448' y1='92' x1='1448' id='actor3'/%3e%3cg id='root-3'%3e%3crect class='actor actor-top' ry='3' rx='3' name='SignIn' height='65' width='150' stroke='%23666' fill='%23eaeaea' y='27' x='1373'/%3e%3ctext style='text-anchor: middle%3b font-size: 16px%3b font-weight: 400%3b font-family: arial%2c sans-serif%3b' class='actor actor-box' alignment-baseline='central' dominant-baseline='central' y='59.5' x='1448'%3e%3ctspan dy='0' x='1448'%3eSign-in page%3c/tspan%3e%3c/text%3e%3c/g%3e%3c/g%3e%3cg%3e%3cline name='OIDC' stroke='%23999' stroke-width='0.5px' class='actor-line 200' y2='524' x2='1059' y1='92' x1='1059' id='actor2'/%3e%3cg id='root-2'%3e%3crect class='actor actor-top' ry='3' rx='3' name='OIDC' height='65' width='150' stroke='%23666' fill='%23eaeaea' y='27' x='984'/%3e%3ctext style='text-anchor: middle%3b font-size: 16px%3b font-weight: 400%3b font-family: arial%2c sans-serif%3b' class='actor actor-box' alignment-baseline='central' dominant-baseline='central' y='59.5' x='1059'%3e%3ctspan dy='0' x='1059'%3eOIDC provider%3c/tspan%3e%3c/text%3e%3c/g%3e%3c/g%3e%3cg%3e%3cline name='Client' stroke='%23999' stroke-width='0.5px' class='actor-line 200' y2='524' x2='316' y1='92' x1='316' id='actor1'/%3e%3cg id='root-1'%3e%3crect class='actor actor-top' ry='3' rx='3' name='Client' height='65' width='150' stroke='%23666' fill='%23eaeaea' y='27' x='241'/%3e%3ctext style='text-anchor: middle%3b font-size: 16px%3b font-weight: 400%3b font-family: arial%2c sans-serif%3b' class='actor actor-box' alignment-baseline='central' dominant-baseline='central' y='59.5' x='316'%3e%3ctspan dy='0' x='316'%3eClient application%3c/tspan%3e%3c/text%3e%3c/g%3e%3c/g%3e%3cg%3e%3cline name='User' stroke='%23999' stroke-width='0.5px' class='actor-line 200' y2='524' x2='75' y1='107' x1='75' id='actor0'/%3e%3c/g%3e%3cstyle%3e%23mermaid-0%7bfont-family:arial%2csans-serif%3bfont-size:16px%3bfill:%23333%3b%7d%23mermaid-0 .error-icon%7bfill:%23552222%3b%7d%23mermaid-0 .error-text%7bfill:%23552222%3bstroke:%23552222%3b%7d%23mermaid-0 .edge-thickness-normal%7bstroke-width:1px%3b%7d%23mermaid-0 .edge-thickness-thick%7bstroke-width:3.5px%3b%7d%23mermaid-0 .edge-pattern-solid%7bstroke-dasharray:0%3b%7d%23mermaid-0 .edge-thickness-invisible%7bstroke-width:0%3bfill:none%3b%7d%23mermaid-0 .edge-pattern-dashed%7bstroke-dasharray:3%3b%7d%23mermaid-0 .edge-pattern-dotted%7bstroke-dasharray:2%3b%7d%23mermaid-0 .marker%7bfill:%23333333%3bstroke:%23333333%3b%7d%23mermaid-0 .marker.cross%7bstroke:%23333333%3b%7d%23mermaid-0 svg%7bfont-family:arial%2csans-serif%3bfont-size:16px%3b%7d%23mermaid-0 p%7bmargin:0%3b%7d%23mermaid-0 .actor%7bstroke:hsl(259.6261682243%2c 59.7765363128%25%2c 87.9019607843%25)%3bfill:%23ECECFF%3b%7d%23mermaid-0 text.actor%26gt%3btspan%7bfill:black%3bstroke:none%3b%7d%23mermaid-0 .actor-line%7bstroke:hsl(259.6261682243%2c 59.7765363128%25%2c 87.9019607843%25)%3b%7d%23mermaid-0 .messageLine0%7bstroke-width:1.5%3bstroke-dasharray:none%3bstroke:%23333%3b%7d%23mermaid-0 .messageLine1%7bstroke-width:1.5%3bstroke-dasharray:2%2c2%3bstroke:%23333%3b%7d%23mermaid-0 %23arrowhead path%7bfill:%23333%3bstroke:%23333%3b%7d%23mermaid-0 .sequenceNumber%7bfill:white%3b%7d%23mermaid-0 %23sequencenumber%7bfill:%23333%3b%7d%23mermaid-0 %23crosshead path%7bfill:%23333%3bstroke:%23333%3b%7d%23mermaid-0 .messageText%7bfill:%23333%3bstroke:none%3b%7d%23mermaid-0 .labelBox%7bstroke:hsl(259.6261682243%2c 59.7765363128%25%2c 87.9019607843%25)%3bfill:%23ECECFF%3b%7d%23mermaid-0 .labelText%2c%23mermaid-0 .labelText%26gt%3btspan%7bfill:black%3bstroke:none%3b%7d%23mermaid-0 .loopText%2c%23mermaid-0 .loopText%26gt%3btspan%7bfill:black%3bstroke:none%3b%7d%23mermaid-0 .loopLine%7bstroke-width:2px%3bstroke-dasharray:2%2c2%3bstroke:hsl(259.6261682243%2c 59.7765363128%25%2c 87.9019607843%25)%3bfill:hsl(259.6261682243%2c 59.7765363128%25%2c 87.9019607843%25)%3b%7d%23mermaid-0 .note%7bstroke:%23aaaa33%3bfill:%23fff5ad%3b%7d%23mermaid-0 .noteText%2c%23mermaid-0 .noteText%26gt%3btspan%7bfill:black%3bstroke:none%3b%7d%23mermaid-0 .activation0%7bfill:%23f4f4f4%3bstroke:%23666%3b%7d%23mermaid-0 .activation1%7bfill:%23f4f4f4%3bstroke:%23666%3b%7d%23mermaid-0 .activation2%7bfill:%23f4f4f4%3bstroke:%23666%3b%7d%23mermaid-0 .actorPopupMenu%7bposition:absolute%3b%7d%23mermaid-0 .actorPopupMenuPanel%7bposition:absolute%3bfill:%23ECECFF%3bbox-shadow:0px 8px 16px 0px rgba(0%2c0%2c0%2c0.2)%3bfilter:drop-shadow(3px 5px 2px rgb(0 0 0 / 0.4))%3b%7d%23mermaid-0 .actor-man line%7bstroke:hsl(259.6261682243%2c 59.7765363128%25%2c 87.9019607843%25)%3bfill:%23ECECFF%3b%7d%23mermaid-0 .actor-man circle%2c%23mermaid-0 line%7bstroke:hsl(259.6261682243%2c 59.7765363128%25%2c 87.9019607843%25)%3bfill:%23ECECFF%3bstroke-width:2px%3b%7d%23mermaid-0 :root%7b--mermaid-font-family:arial%2csans-serif%3b%7d%3c/style%3e%3cg/%3e%3cdefs%3e%3csymbol height='24' width='24' id='computer'%3e%3cpath d='M2 2v13h20v-13h-20zm18 11h-16v-9h16v9zm-10.228 6l.466-1h3.524l.467 1h-4.457zm14.228 3h-24l2-6h2.104l-1.33 4h18.45l-1.297-4h2.073l2 6zm-5-10h-14v-7h14v7z' transform='scale(.5)'/%3e%3c/symbol%3e%3c/defs%3e%3cdefs%3e%3csymbol clip-rule='evenodd' fill-rule='evenodd' id='database'%3e%3cpath d='M12.258.001l.256.004.255.005.253.008.251.01.249.012.247.015.246.016.242.019.241.02.239.023.236.024.233.027.231.028.229.031.225.032.223.034.22.036.217.038.214.04.211.041.208.043.205.045.201.046.198.048.194.05.191.051.187.053.183.054.18.056.175.057.172.059.168.06.163.061.16.063.155.064.15.066.074.033.073.033.071.034.07.034.069.035.068.035.067.035.066.035.064.036.064.036.062.036.06.036.06.037.058.037.058.037.055.038.055.038.053.038.052.038.051.039.05.039.048.039.047.039.045.04.044.04.043.04.041.04.04.041.039.041.037.041.036.041.034.041.033.042.032.042.03.042.029.042.027.042.026.043.024.043.023.043.021.043.02.043.018.044.017.043.015.044.013.044.012.044.011.045.009.044.007.045.006.045.004.045.002.045.001.045v17l-.001.045-.002.045-.004.045-.006.045-.007.045-.009.044-.011.045-.012.044-.013.044-.015.044-.017.043-.018.044-.02.043-.021.043-.023.043-.024.043-.026.043-.027.042-.029.042-.03.042-.032.042-.033.042-.034.041-.036.041-.037.041-.039.041-.04.041-.041.04-.043.04-.044.04-.045.04-.047.039-.048.039-.05.039-.051.039-.052.038-.053.038-.055.038-.055.038-.058.037-.058.037-.06.037-.06.036-.062.036-.064.036-.064.036-.066.035-.067.035-.068.035-.069.035-.07.034-.071.034-.073.033-.074.033-.15.066-.155.064-.16.063-.163.061-.168.06-.172.059-.175.057-.18.056-.183.054-.187.053-.191.051-.194.05-.198.048-.201.046-.205.045-.208.043-.211.041-.214.04-.217.038-.22.036-.223.034-.225.032-.229.031-.231.028-.233.027-.236.024-.239.023-.241.02-.242.019-.246.016-.247.015-.249.012-.251.01-.253.008-.255.005-.256.004-.258.001-.258-.001-.256-.004-.255-.005-.253-.008-.251-.01-.249-.012-.247-.015-.245-.016-.243-.019-.241-.02-.238-.023-.236-.024-.234-.027-.231-.028-.228-.031-.226-.032-.223-.034-.22-.036-.217-.038-.214-.04-.211-.041-.208-.043-.204-.045-.201-.046-.198-.048-.195-.05-.19-.051-.187-.053-.184-.054-.179-.056-.176-.057-.172-.059-.167-.06-.164-.061-.159-.063-.155-.064-.151-.066-.074-.033-.072-.033-.072-.034-.07-.034-.069-.035-.068-.035-.067-.035-.066-.035-.064-.036-.063-.036-.062-.036-.061-.036-.06-.037-.058-.037-.057-.037-.056-.038-.055-.038-.053-.038-.052-.038-.051-.039-.049-.039-.049-.039-.046-.039-.046-.04-.044-.04-.043-.04-.041-.04-.04-.041-.039-.041-.037-.041-.036-.041-.034-.041-.033-.042-.032-.042-.03-.042-.029-.042-.027-.042-.026-.043-.024-.043-.023-.043-.021-.043-.02-.043-.018-.044-.017-.043-.015-.044-.013-.044-.012-.044-.011-.045-.009-.044-.007-.045-.006-.045-.004-.045-.002-.045-.001-.045v-17l.001-.045.002-.045.004-.045.006-.045.007-.045.009-.044.011-.045.012-.044.013-.044.015-.044.017-.043.018-.044.02-.043.021-.043.023-.043.024-.043.026-.043.027-.042.029-.042.03-.042.032-.042.033-.042.034-.041.036-.041.037-.041.039-.041.04-.041.041-.04.043-.04.044-.04.046-.04.046-.039.049-.039.049-.039.051-.039.052-.038.053-.038.055-.038.056-.038.057-.037.058-.037.06-.037.061-.036.062-.036.063-.036.064-.036.066-.035.067-.035.068-.035.069-.035.07-.034.072-.034.072-.033.074-.033.151-.066.155-.064.159-.063.164-.061.167-.06.172-.059.176-.057.179-.056.184-.054.187-.053.19-.051.195-.05.198-.048.201-.046.204-.045.208-.043.211-.041.214-.04.217-.038.22-.036.223-.034.226-.032.228-.031.231-.028.234-.027.236-.024.238-.023.241-.02.243-.019.245-.016.247-.015.249-.012.251-.01.253-.008.255-.005.256-.004.258-.001.258.001zm-9.258 20.499v.01l.001.021.003.021.004.022.005.021.006.022.007.022.009.023.01.022.011.023.012.023.013.023.015.023.016.024.017.023.018.024.019.024.021.024.022.025.023.024.024.025.052.049.056.05.061.051.066.051.07.051.075.051.079.052.084.052.088.052.092.052.097.052.102.051.105.052.11.052.114.051.119.051.123.051.127.05.131.05.135.05.139.048.144.049.147.047.152.047.155.047.16.045.163.045.167.043.171.043.176.041.178.041.183.039.187.039.19.037.194.035.197.035.202.033.204.031.209.03.212.029.216.027.219.025.222.024.226.021.23.02.233.018.236.016.24.015.243.012.246.01.249.008.253.005.256.004.259.001.26-.001.257-.004.254-.005.25-.008.247-.011.244-.012.241-.014.237-.016.233-.018.231-.021.226-.021.224-.024.22-.026.216-.027.212-.028.21-.031.205-.031.202-.034.198-.034.194-.036.191-.037.187-.039.183-.04.179-.04.175-.042.172-.043.168-.044.163-.045.16-.046.155-.046.152-.047.148-.048.143-.049.139-.049.136-.05.131-.05.126-.05.123-.051.118-.052.114-.051.11-.052.106-.052.101-.052.096-.052.092-.052.088-.053.083-.051.079-.052.074-.052.07-.051.065-.051.06-.051.056-.05.051-.05.023-.024.023-.025.021-.024.02-.024.019-.024.018-.024.017-.024.015-.023.014-.024.013-.023.012-.023.01-.023.01-.022.008-.022.006-.022.006-.022.004-.022.004-.021.001-.021.001-.021v-4.127l-.077.055-.08.053-.083.054-.085.053-.087.052-.09.052-.093.051-.095.05-.097.05-.1.049-.102.049-.105.048-.106.047-.109.047-.111.046-.114.045-.115.045-.118.044-.12.043-.122.042-.124.042-.126.041-.128.04-.13.04-.132.038-.134.038-.135.037-.138.037-.139.035-.142.035-.143.034-.144.033-.147.032-.148.031-.15.03-.151.03-.153.029-.154.027-.156.027-.158.026-.159.025-.161.024-.162.023-.163.022-.165.021-.166.02-.167.019-.169.018-.169.017-.171.016-.173.015-.173.014-.175.013-.175.012-.177.011-.178.01-.179.008-.179.008-.181.006-.182.005-.182.004-.184.003-.184.002h-.37l-.184-.002-.184-.003-.182-.004-.182-.005-.181-.006-.179-.008-.179-.008-.178-.01-.176-.011-.176-.012-.175-.013-.173-.014-.172-.015-.171-.016-.17-.017-.169-.018-.167-.019-.166-.02-.165-.021-.163-.022-.162-.023-.161-.024-.159-.025-.157-.026-.156-.027-.155-.027-.153-.029-.151-.03-.15-.03-.148-.031-.146-.032-.145-.033-.143-.034-.141-.035-.14-.035-.137-.037-.136-.037-.134-.038-.132-.038-.13-.04-.128-.04-.126-.041-.124-.042-.122-.042-.12-.044-.117-.043-.116-.045-.113-.045-.112-.046-.109-.047-.106-.047-.105-.048-.102-.049-.1-.049-.097-.05-.095-.05-.093-.052-.09-.051-.087-.052-.085-.053-.083-.054-.08-.054-.077-.054v4.127zm0-5.654v.011l.001.021.003.021.004.021.005.022.006.022.007.022.009.022.01.022.011.023.012.023.013.023.015.024.016.023.017.024.018.024.019.024.021.024.022.024.023.025.024.024.052.05.056.05.061.05.066.051.07.051.075.052.079.051.084.052.088.052.092.052.097.052.102.052.105.052.11.051.114.051.119.052.123.05.127.051.131.05.135.049.139.049.144.048.147.048.152.047.155.046.16.045.163.045.167.044.171.042.176.042.178.04.183.04.187.038.19.037.194.036.197.034.202.033.204.032.209.03.212.028.216.027.219.025.222.024.226.022.23.02.233.018.236.016.24.014.243.012.246.01.249.008.253.006.256.003.259.001.26-.001.257-.003.254-.006.25-.008.247-.01.244-.012.241-.015.237-.016.233-.018.231-.02.226-.022.224-.024.22-.025.216-.027.212-.029.21-.03.205-.032.202-.033.198-.035.194-.036.191-.037.187-.039.183-.039.179-.041.175-.042.172-.043.168-.044.163-.045.16-.045.155-.047.152-.047.148-.048.143-.048.139-.05.136-.049.131-.05.126-.051.123-.051.118-.051.114-.052.11-.052.106-.052.101-.052.096-.052.092-.052.088-.052.083-.052.079-.052.074-.051.07-.052.065-.051.06-.05.056-.051.051-.049.023-.025.023-.024.021-.025.02-.024.019-.024.018-.024.017-.024.015-.023.014-.023.013-.024.012-.022.01-.023.01-.023.008-.022.006-.022.006-.022.004-.021.004-.022.001-.021.001-.021v-4.139l-.077.054-.08.054-.083.054-.085.052-.087.053-.09.051-.093.051-.095.051-.097.05-.1.049-.102.049-.105.048-.106.047-.109.047-.111.046-.114.045-.115.044-.118.044-.12.044-.122.042-.124.042-.126.041-.128.04-.13.039-.132.039-.134.038-.135.037-.138.036-.139.036-.142.035-.143.033-.144.033-.147.033-.148.031-.15.03-.151.03-.153.028-.154.028-.156.027-.158.026-.159.025-.161.024-.162.023-.163.022-.165.021-.166.02-.167.019-.169.018-.169.017-.171.016-.173.015-.173.014-.175.013-.175.012-.177.011-.178.009-.179.009-.179.007-.181.007-.182.005-.182.004-.184.003-.184.002h-.37l-.184-.002-.184-.003-.182-.004-.182-.005-.181-.007-.179-.007-.179-.009-.178-.009-.176-.011-.176-.012-.175-.013-.173-.014-.172-.015-.171-.016-.17-.017-.169-.018-.167-.019-.166-.02-.165-.021-.163-.022-.162-.023-.161-.024-.159-.025-.157-.026-.156-.027-.155-.028-.153-.028-.151-.03-.15-.03-.148-.031-.146-.033-.145-.033-.143-.033-.141-.035-.14-.036-.137-.036-.136-.037-.134-.038-.132-.039-.13-.039-.128-.04-.126-.041-.124-.042-.122-.043-.12-.043-.117-.044-.116-.044-.113-.046-.112-.046-.109-.046-.106-.047-.105-.048-.102-.049-.1-.049-.097-.05-.095-.051-.093-.051-.09-.051-.087-.053-.085-.052-.083-.054-.08-.054-.077-.054v4.139zm0-5.666v.011l.001.02.003.022.004.021.005.022.006.021.007.022.009.023.01.022.011.023.012.023.013.023.015.023.016.024.017.024.018.023.019.024.021.025.022.024.023.024.024.025.052.05.056.05.061.05.066.051.07.051.075.052.079.051.084.052.088.052.092.052.097.052.102.052.105.051.11.052.114.051.119.051.123.051.127.05.131.05.135.05.139.049.144.048.147.048.152.047.155.046.16.045.163.045.167.043.171.043.176.042.178.04.183.04.187.038.19.037.194.036.197.034.202.033.204.032.209.03.212.028.216.027.219.025.222.024.226.021.23.02.233.018.236.017.24.014.243.012.246.01.249.008.253.006.256.003.259.001.26-.001.257-.003.254-.006.25-.008.247-.01.244-.013.241-.014.237-.016.233-.018.231-.02.226-.022.224-.024.22-.025.216-.027.212-.029.21-.03.205-.032.202-.033.198-.035.194-.036.191-.037.187-.039.183-.039.179-.041.175-.042.172-.043.168-.044.163-.045.16-.045.155-.047.152-.047.148-.048.143-.049.139-.049.136-.049.131-.051.126-.05.123-.051.118-.052.114-.051.11-.052.106-.052.101-.052.096-.052.092-.052.088-.052.083-.052.079-.052.074-.052.07-.051.065-.051.06-.051.056-.05.051-.049.023-.025.023-.025.021-.024.02-.024.019-.024.018-.024.017-.024.015-.023.014-.024.013-.023.012-.023.01-.022.01-.023.008-.022.006-.022.006-.022.004-.022.004-.021.001-.021.001-.021v-4.153l-.077.054-.08.054-.083.053-.085.053-.087.053-.09.051-.093.051-.095.051-.097.05-.1.049-.102.048-.105.048-.106.048-.109.046-.111.046-.114.046-.115.044-.118.044-.12.043-.122.043-.124.042-.126.041-.128.04-.13.039-.132.039-.134.038-.135.037-.138.036-.139.036-.142.034-.143.034-.144.033-.147.032-.148.032-.15.03-.151.03-.153.028-.154.028-.156.027-.158.026-.159.024-.161.024-.162.023-.163.023-.165.021-.166.02-.167.019-.169.018-.169.017-.171.016-.173.015-.173.014-.175.013-.175.012-.177.01-.178.01-.179.009-.179.007-.181.006-.182.006-.182.004-.184.003-.184.001-.185.001-.185-.001-.184-.001-.184-.003-.182-.004-.182-.006-.181-.006-.179-.007-.179-.009-.178-.01-.176-.01-.176-.012-.175-.013-.173-.014-.172-.015-.171-.016-.17-.017-.169-.018-.167-.019-.166-.02-.165-.021-.163-.023-.162-.023-.161-.024-.159-.024-.157-.026-.156-.027-.155-.028-.153-.028-.151-.03-.15-.03-.148-.032-.146-.032-.145-.033-.143-.034-.141-.034-.14-.036-.137-.036-.136-.037-.134-.038-.132-.039-.13-.039-.128-.041-.126-.041-.124-.041-.122-.043-.12-.043-.117-.044-.116-.044-.113-.046-.112-.046-.109-.046-.106-.048-.105-.048-.102-.048-.1-.05-.097-.049-.095-.051-.093-.051-.09-.052-.087-.052-.085-.053-.083-.053-.08-.054-.077-.054v4.153zm8.74-8.179l-.257.004-.254.005-.25.008-.247.011-.244.012-.241.014-.237.016-.233.018-.231.021-.226.022-.224.023-.22.026-.216.027-.212.028-.21.031-.205.032-.202.033-.198.034-.194.036-.191.038-.187.038-.183.04-.179.041-.175.042-.172.043-.168.043-.163.045-.16.046-.155.046-.152.048-.148.048-.143.048-.139.049-.136.05-.131.05-.126.051-.123.051-.118.051-.114.052-.11.052-.106.052-.101.052-.096.052-.092.052-.088.052-.083.052-.079.052-.074.051-.07.052-.065.051-.06.05-.056.05-.051.05-.023.025-.023.024-.021.024-.02.025-.019.024-.018.024-.017.023-.015.024-.014.023-.013.023-.012.023-.01.023-.01.022-.008.022-.006.023-.006.021-.004.022-.004.021-.001.021-.001.021.001.021.001.021.004.021.004.022.006.021.006.023.008.022.01.022.01.023.012.023.013.023.014.023.015.024.017.023.018.024.019.024.02.025.021.024.023.024.023.025.051.05.056.05.06.05.065.051.07.052.074.051.079.052.083.052.088.052.092.052.096.052.101.052.106.052.11.052.114.052.118.051.123.051.126.051.131.05.136.05.139.049.143.048.148.048.152.048.155.046.16.046.163.045.168.043.172.043.175.042.179.041.183.04.187.038.191.038.194.036.198.034.202.033.205.032.21.031.212.028.216.027.22.026.224.023.226.022.231.021.233.018.237.016.241.014.244.012.247.011.25.008.254.005.257.004.26.001.26-.001.257-.004.254-.005.25-.008.247-.011.244-.012.241-.014.237-.016.233-.018.231-.021.226-.022.224-.023.22-.026.216-.027.212-.028.21-.031.205-.032.202-.033.198-.034.194-.036.191-.038.187-.038.183-.04.179-.041.175-.042.172-.043.168-.043.163-.045.16-.046.155-.046.152-.048.148-.048.143-.048.139-.049.136-.05.131-.05.126-.051.123-.051.118-.051.114-.052.11-.052.106-.052.101-.052.096-.052.092-.052.088-.052.083-.052.079-.052.074-.051.07-.052.065-.051.06-.05.056-.05.051-.05.023-.025.023-.024.021-.024.02-.025.019-.024.018-.024.017-.023.015-.024.014-.023.013-.023.012-.023.01-.023.01-.022.008-.022.006-.023.006-.021.004-.022.004-.021.001-.021.001-.021-.001-.021-.001-.021-.004-.021-.004-.022-.006-.021-.006-.023-.008-.022-.01-.022-.01-.023-.012-.023-.013-.023-.014-.023-.015-.024-.017-.023-.018-.024-.019-.024-.02-.025-.021-.024-.023-.024-.023-.025-.051-.05-.056-.05-.06-.05-.065-.051-.07-.052-.074-.051-.079-.052-.083-.052-.088-.052-.092-.052-.096-.052-.101-.052-.106-.052-.11-.052-.114-.052-.118-.051-.123-.051-.126-.051-.131-.05-.136-.05-.139-.049-.143-.048-.148-.048-.152-.048-.155-.046-.16-.046-.163-.045-.168-.043-.172-.043-.175-.042-.179-.041-.183-.04-.187-.038-.191-.038-.194-.036-.198-.034-.202-.033-.205-.032-.21-.031-.212-.028-.216-.027-.22-.026-.224-.023-.226-.022-.231-.021-.233-.018-.237-.016-.241-.014-.244-.012-.247-.011-.25-.008-.254-.005-.257-.004-.26-.001-.26.001z' transform='scale(.5)'/%3e%3c/symbol%3e%3c/defs%3e%3cdefs%3e%3csymbol height='24' width='24' id='clock'%3e%3cpath d='M12 2c5.514 0 10 4.486 10 10s-4.486 10-10 10-10-4.486-10-10 4.486-10 10-10zm0-2c-6.627 0-12 5.373-12 12s5.373 12 12 12 12-5.373 12-12-5.373-12-12-12zm5.848 12.459c.202.038.202.333.001.372-1.907.361-6.045 1.111-6.547 1.111-.719 0-1.301-.582-1.301-1.301 0-.512.77-5.447 1.125-7.445.034-.192.312-.181.343.014l.985 6.238 5.394 1.011z' transform='scale(.5)'/%3e%3c/symbol%3e%3c/defs%3e%3cdefs%3e%3cmarker orient='auto-start-reverse' markerHeight='12' markerWidth='12' markerUnits='userSpaceOnUse' refY='5' refX='7.9' id='arrowhead'%3e%3cpath d='M -1 0 L 10 5 L 0 10 z'/%3e%3c/marker%3e%3c/defs%3e%3cdefs%3e%3cmarker refY='4.5' refX='4' orient='auto' markerHeight='8' markerWidth='15' id='crosshead'%3e%3cpath style='stroke-dasharray: 0%2c 0%3b' d='M 1%2c2 L 6%2c7 M 6%2c2 L 1%2c7' stroke-width='1pt' stroke='black' fill='none'/%3e%3c/marker%3e%3c/defs%3e%3cdefs%3e%3cmarker orient='auto' markerHeight='28' markerWidth='20' refY='7' refX='15.5' id='filled-head'%3e%3cpath d='M 18%2c7 L9%2c13 L14%2c7 L9%2c1 Z'/%3e%3c/marker%3e%3c/defs%3e%3cdefs%3e%3cmarker orient='auto' markerHeight='40' markerWidth='60' refY='15' refX='15' id='sequencenumber'%3e%3ccircle r='6' cy='15' cx='15'/%3e%3c/marker%3e%3c/defs%3e%3cg name='User' class='actor-man actor-top'%3e%3cline y2='72' x2='75' y1='52' x1='75' id='actor-man-torso0'/%3e%3cline y2='60' x2='93' y1='60' x1='57' id='actor-man-arms0'/%3e%3cline y2='72' x2='75' y1='87' x1='57'/%3e%3cline y2='87' x2='91' y1='72' x1='75'/%3e%3ccircle height='65' width='150' r='15' cy='37' cx='75'/%3e%3ctext style='text-anchor: middle%3b font-size: 16px%3b font-weight: 400%3b font-family: arial%2c sans-serif%3b' class='actor actor-man' alignment-baseline='central' dominant-baseline='central' y='94.5' x='75'%3e%3ctspan dy='0' x='75'%3eUser%3c/tspan%3e%3c/text%3e%3c/g%3e%3ctext style='font-family: arial%2c sans-serif%3b font-size: 16px%3b font-weight: 400%3b' dy='1em' class='messageText' alignment-baseline='middle' dominant-baseline='middle' text-anchor='middle' y='107' x='194'%3eAccess web application%3c/text%3e%3cline style='fill: none%3b' marker-start='url(%23sequencenumber)' marker-end='url(%23arrowhead)' stroke='none' stroke-width='2' class='messageLine0' y2='136' x2='312' y1='136' x1='76'/%3e%3ctext class='sequenceNumber' text-anchor='middle' font-size='12px' font-family='sans-serif' y='140' x='76'%3e1%3c/text%3e%3ctext style='font-family: arial%2c sans-serif%3b font-size: 16px%3b font-weight: 400%3b' dy='1em' class='messageText' alignment-baseline='middle' dominant-baseline='middle' text-anchor='middle' y='151' x='686'%3eRedirect user to OIDC for authentication%3c/text%3e%3cline style='fill: none%3b' marker-start='url(%23sequencenumber)' marker-end='url(%23arrowhead)' stroke='none' stroke-width='2' class='messageLine0' y2='180' x2='1055' y1='180' x1='317'/%3e%3ctext class='sequenceNumber' text-anchor='middle' font-size='12px' font-family='sans-serif' y='184' x='317'%3e2%3c/text%3e%3ctext style='font-family: arial%2c sans-serif%3b font-size: 16px%3b font-weight: 400%3b' dy='1em' class='messageText' alignment-baseline='middle' dominant-baseline='middle' text-anchor='middle' y='195' x='1060'%3eCheck user's sign-in session%3c/text%3e%3cpath style='stroke-dasharray: 3%2c 3%3b fill: none%3b' marker-start='url(%23sequencenumber)' marker-end='url(%23arrowhead)' stroke='none' stroke-width='2' class='messageLine1' d='M 1060%2c224 C 1120%2c214 1120%2c254 1060%2c244'/%3e%3ctext class='sequenceNumber' text-anchor='middle' font-size='12px' font-family='sans-serif' y='228' x='1060'%3e3%3c/text%3e%3ctext style='font-family: arial%2c sans-serif%3b font-size: 16px%3b font-weight: 400%3b' dy='1em' class='messageText' alignment-baseline='middle' dominant-baseline='middle' text-anchor='middle' y='269' x='1252'%3ePrompt user to sign in%3c/text%3e%3cline style='fill: none%3b' marker-start='url(%23sequencenumber)' marker-end='url(%23arrowhead)' stroke='none' stroke-width='2' class='messageLine0' y2='298' x2='1444' y1='298' x1='1060'/%3e%3ctext class='sequenceNumber' text-anchor='middle' font-size='12px' font-family='sans-serif' y='302' x='1060'%3e4%3c/text%3e%3ctext style='font-family: arial%2c sans-serif%3b font-size: 16px%3b font-weight: 400%3b' dy='1em' class='messageText' alignment-baseline='middle' dominant-baseline='middle' text-anchor='middle' y='313' x='1255'%3eIdentify user and submit the interaction result%3c/text%3e%3cline style='fill: none%3b' marker-start='url(%23sequencenumber)' marker-end='url(%23arrowhead)' stroke='none' stroke-width='2' class='messageLine0' y2='342' x2='1063' y1='342' x1='1447'/%3e%3ctext class='sequenceNumber' text-anchor='middle' font-size='12px' font-family='sans-serif' y='346' x='1447'%3e5%3c/text%3e%3ctext style='font-family: arial%2c sans-serif%3b font-size: 16px%3b font-weight: 400%3b' dy='1em' class='messageText' alignment-baseline='middle' dominant-baseline='middle' text-anchor='middle' y='357' x='1060'%3eEstablish user's sign-in session and authentication grant%3c/text%3e%3cpath style='stroke-dasharray: 3%2c 3%3b fill: none%3b' marker-start='url(%23sequencenumber)' marker-end='url(%23arrowhead)' stroke='none' stroke-width='2' class='messageLine1' d='M 1060%2c386 C 1120%2c376 1120%2c416 1060%2c406'/%3e%3ctext class='sequenceNumber' text-anchor='middle' font-size='12px' font-family='sans-serif' y='390' x='1060'%3e6%3c/text%3e%3ctext style='font-family: arial%2c sans-serif%3b font-size: 16px%3b font-weight: 400%3b' dy='1em' class='messageText' alignment-baseline='middle' dominant-baseline='middle' text-anchor='middle' y='431' x='689'%3eRedirect user back to the web application with authentication code (Authorization Code flow)%3c/text%3e%3cline style='fill: none%3b' marker-start='url(%23sequencenumber)' marker-end='url(%23arrowhead)' stroke='none' stroke-width='2' class='messageLine0' y2='460' x2='320' y1='460' x1='1058'/%3e%3ctext class='sequenceNumber' text-anchor='middle' font-size='12px' font-family='sans-serif' y='464' x='1058'%3e7%3c/text%3e%3ctext style='font-family: arial%2c sans-serif%3b font-size: 16px%3b font-weight: 400%3b' dy='1em' class='messageText' alignment-baseline='middle' dominant-baseline='middle' text-anchor='middle' y='475' x='686'%3eExchange the code for tokens%3c/text%3e%3cline style='fill: none%3b' marker-start='url(%23sequencenumber)' marker-end='url(%23arrowhead)' stroke='none' stroke-width='2' class='messageLine0' y2='504' x2='1055' y1='504' x1='317'/%3e%3ctext class='sequenceNumber' text-anchor='middle' font-size='12px' font-family='sans-serif' y='508' x='317'%3e8%3c/text%3e%3cg name='User' class='actor-man actor-bottom'%3e%3cline y2='569' x2='75' y1='549' x1='75' id='actor-man-torso3'/%3e%3cline y2='557' x2='93' y1='557' x1='57' id='actor-man-arms3'/%3e%3cline y2='569' x2='75' y1='584' x1='57'/%3e%3cline y2='584' x2='91' y1='569' x1='75'/%3e%3ccircle height='65' width='150' r='15' cy='534' cx='75'/%3e%3ctext style='text-anchor: middle%3b font-size: 16px%3b font-weight: 400%3b font-family: arial%2c sans-serif%3b' class='actor actor-man' alignment-baseline='central' dominant-baseline='central' y='591.5' x='75'%3e%3ctspan dy='0' x='75'%3eUser%3c/tspan%3e%3c/text%3e%3c/g%3e%3c/svg%3e)
- يصل المستخدم إلى تطبيق الويب (RP).
- تقوم RP بإعادة توجيه المستخدم إلى مزود OIDC (IdP) للتوثيق.
- يفحص مزود OIDC حالة جلسة تسجيل الدخول للمستخدم. إذا لم تكن هناك جلسة موجودة أو انتهت صلاحية الجلسة، يُطلب من المستخدم تسجيل الدخول.
- يتفاعل المستخدم مع صفحة تسجيل الدخول ليتم توثيقه.
- تقوم صفحة تسجيل الدخول بتقديم نتيجة التفاعل لمزود OIDC.
- يقوم مزود OIDC بإنشاء جلسة تسجيل دخول جديدة وتصريح توثيق للمستخدم.
- يعيد مزود OIDC توجيه المستخدم مرة أخرى إلى RP مع كود توثيق (تدفق الكود التخويلي).
- تتلقى RP كود التوثيق وتقوم بتبادله للحصول على توكنات للوصول إلى معلومات المستخدم.
ما هي إدارة جلسة تسجيل الدخول في RP
تُنشأ جلسة تسجيل دخول عندما يسجل المستخدم دخوله إلى IdP. تُستخدم هذه الجلسة لتتبع حالة توثيق المستخدم في IdP. تتضمن الجلسة عادة معلومات مثل هوية المستخدم ووقت التوثيق ووقت انتهاء صلاحية الجلسة. تُنشأ عندما يسجل المستخدم دخوله لأول مرة وتستمر حتى يقوم المستخدم بتسجيل الخروج أو تنتهي صلاحية الجلسة.
سيتم ضبط ملف تعريف الجلسة بأمان في متصفح المستخدم للحفاظ على حالة الجلسة. يُستخدم ملف تعريف الجلسة لتحديد جلسة المستخدم وتوثيقه لطلبات التوثيق اللاحقة. يتم ضبط هذا الملف عادةً بالعلامتين HttpOnly وSecure لمنع الوصول من جانب العميل وضمان التواصل الأمن.
جلسة واحدة لكل RP
لكل RP يصل إليه المستخدم من أجهزة أو متصفح مختلف، سيتم إنشاء جلسة تسجيل دخول منفصلة. �يعني هذا أن حالة توثيق المستخدم يتم الاحتفاظ بها بشكل منفصل لكل RP. إذا قام المستخدم بتسجيل الخروج من RP واحد، سيظل المستخدم موثقًا في RPs الأخرى حتى تنتهي صلاحية الجلسة أو يقوم المستخدم بتسجيل الخروج من جميع RPs.
%3btext-align:center%3b%7d%23mermaid-1 .edgeLabel p%7bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3b%7d%23mermaid-1 .edgeLabel rect%7bopacity:0.5%3bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3bfill:rgba(232%2c232%2c232%2c 0.8)%3b%7d%23mermaid-1 .labelBkg%7bbackground-color:rgba(232%2c 232%2c 232%2c 0.5)%3b%7d%23mermaid-1 .cluster rect%7bfill:%23ffffde%3bstroke:%23aaaa33%3bstroke-width:1px%3b%7d%23mermaid-1 .cluster text%7bfill:%23333%3b%7d%23mermaid-1 .cluster span%7bcolor:%23333%3b%7d%23mermaid-1 div.mermaidTooltip%7bposition:absolute%3btext-align:center%3bmax-width:200px%3bpadding:2px%3bfont-family:arial%2csans-serif%3bfont-size:12px%3bbackground:hsl(80%2c 100%25%2c 96.2745098039%25)%3bborder:1px solid %23aaaa33%3bborder-radius:2px%3bpointer-events:none%3bz-index:100%3b%7d%23mermaid-1 .flowchartTitleText%7btext-anchor:middle%3bfont-size:18px%3bfill:%23333%3b%7d%23mermaid-1 rect.text%7bfill:none%3bstroke-width:0%3b%7d%23mermaid-1 .icon-shape%2c%23mermaid-1 .image-shape%7bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3btext-align:center%3b%7d%23mermaid-1 .icon-shape p%2c%23mermaid-1 .image-shape p%7bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3bpadding:2px%3b%7d%23mermaid-1 .icon-shape rect%2c%23mermaid-1 .image-shape rect%7bopacity:0.5%3bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3bfill:rgba(232%2c232%2c232%2c 0.8)%3b%7d%23mermaid-1 :root%7b--mermaid-font-family:arial%2csans-serif%3b%7d%3c/style%3e%3cg%3e%3cmarker orient='auto' markerHeight='8' markerWidth='8' markerUnits='userSpaceOnUse' refY='5' refX='5' viewBox='0 0 10 10' class='marker flowchart-v2' id='mermaid-1_flowchart-v2-pointEnd'%3e%3cpath style='stroke-width: 1%3b stroke-dasharray: 1%2c 0%3b' class='arrowMarkerPath' d='M 0 0 L 10 5 L 0 10 z'/%3e%3c/marker%3e%3cmarker orient='auto' markerHeight='8' markerWidth='8' markerUnits='userSpaceOnUse' refY='5' refX='4.5' viewBox='0 0 10 10' class='marker flowchart-v2' id='mermaid-1_flowchart-v2-pointStart'%3e%3cpath style='stroke-width: 1%3b stroke-dasharray: 1%2c 0%3b' class='arrowMarkerPath' d='M 0 5 L 10 10 L 10 0 z'/%3e%3c/marker%3e%3cmarker orient='auto' markerHeight='11' markerWidth='11' markerUnits='userSpaceOnUse' refY='5' refX='11' viewBox='0 0 10 10' class='marker flowchart-v2' id='mermaid-1_flowchart-v2-circleEnd'%3e%3ccircle style='stroke-width: 1%3b stroke-dasharray: 1%2c 0%3b' class='arrowMarkerPath' r='5' cy='5' cx='5'/%3e%3c/marker%3e%3cmarker orient='auto' markerHeight='11' markerWidth='11' markerUnits='userSpaceOnUse' refY='5' refX='-1' viewBox='0 0 10 10' class='marker flowchart-v2' id='mermaid-1_flowchart-v2-circleStart'%3e%3ccircle style='stroke-width: 1%3b stroke-dasharray: 1%2c 0%3b' class='arrowMarkerPath' r='5' cy='5' cx='5'/%3e%3c/marker%3e%3cmarker orient='auto' markerHeight='11' markerWidth='11' markerUnits='userSpaceOnUse' refY='5.2' refX='12' viewBox='0 0 11 11' class='marker cross flowchart-v2' id='mermaid-1_flowchart-v2-crossEnd'%3e%3cpath style='stroke-width: 2%3b stroke-dasharray: 1%2c 0%3b' class='arrowMarkerPath' d='M 1%2c1 l 9%2c9 M 10%2c1 l -9%2c9'/%3e%3c/marker%3e%3cmarker orient='auto' markerHeight='11' markerWidth='11' markerUnits='userSpaceOnUse' refY='5.2' refX='-1' viewBox='0 0 11 11' class='marker cross flowchart-v2' id='mermaid-1_flowchart-v2-crossStart'%3e%3cpath style='stroke-width: 2%3b stroke-dasharray: 1%2c 0%3b' class='arrowMarkerPath' d='M 1%2c1 l 9%2c9 M 10%2c1 l -9%2c9'/%3e%3c/marker%3e%3cg class='root'%3e%3cg class='clusters'%3e%3cg data-look='classic' id='DeviceB' class='cluster'%3e%3crect height='619.21875' width='330.88671875' y='136' x='8' style=''/%3e%3cg transform='translate(126.748046875%2c 136)' class='cluster-label'%3e%3cforeignObject height='24' width='93.390625'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='nodeLabel'%3e%3cp%3eUser agent B%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg data-look='classic' id='DeviceA' class='cluster'%3e%3crect height='619.21875' width='330.88671875' y='136' x='358.88671875' style=''/%3e%3cg transform='translate(478.080078125%2c 136)' class='cluster-label'%3e%3cforeignObject height='24' width='92.5'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='nodeLabel'%3e%3cp%3eUser agent A%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg data-look='classic' id='Layer4' class='cluster'%3e%3crect height='391.21875' width='290.88671875' y='339' x='28' style=''/%3e%3cg transform='translate(124.958984375%2c 339)' class='cluster-label'%3e%3cforeignObject height='24' width='96.96875'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='nodeLabel'%3e%3cp%3eLogto domain%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg data-look='classic' id='Layer3' class='cluster'%3e%3crect height='104' width='267.859375' y='161' x='35.6796875' style=''/%3e%3cg transform='translate(113.1328125%2c 161)' class='cluster-label'%3e%3cforeignObject height='24' width='112.953125'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='nodeLabel'%3e%3cp%3eClient domain B%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg data-look='classic' id='Layer2' class='cluster'%3e%3crect height='391.21875' width='290.88671875' y='339' x='378.88671875' style=''/%3e%3cg transform='translate(475.845703125%2c 339)' class='cluster-label'%3e%3cforeignObject height='24' width='96.96875'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='nodeLabel'%3e%3cp%3eLogto domain%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg data-look='classic' id='Layer1' class='cluster'%3e%3crect height='104' width='266.984375' y='161' x='387.00390625' style=''/%3e%3cg transform='translate(464.46484375%2c 161)' class='cluster-label'%3e%3cforeignObject height='24' width='112.0625'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='nodeLabel'%3e%3cp%3eClient domain A%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3c/g%3e%3cg class='edgePaths'%3e%3cpath marker-end='url(%23mermaid-1_flowchart-v2-pointEnd)' style='' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' id='L_U_A_0' d='M388.109%2c51.739L410.174%2c59.616C432.238%2c67.493%2c476.367%2c83.246%2c498.432%2c97.29C520.496%2c111.333%2c520.496%2c123.667%2c520.496%2c134C520.496%2c144.333%2c520.496%2c152.667%2c520.496%2c160.333C520.496%2c168%2c520.496%2c175%2c520.496%2c178.5L520.496%2c182'/%3e%3cpath marker-end='url(%23mermaid-1_flowchart-v2-pointEnd)' style='' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' id='L_A_C_1' d='M520.496%2c240L520.496%2c244.167C520.496%2c248.333%2c520.496%2c256.667%2c520.496%2c267C520.496%2c277.333%2c520.496%2c289.667%2c520.496%2c302C520.496%2c314.333%2c520.496%2c326.667%2c520.566%2c336.417C520.637%2c346.167%2c520.777%2c353.334%2c520.847%2c356.917L520.918%2c360.501'/%3e%3cpath marker-end='url(%23mermaid-1_flowchart-v2-pointEnd)' style='' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' id='L_U_B_2' d='M294.328%2c52.487L273.542%2c60.239C252.755%2c67.992%2c211.182%2c83.496%2c190.396%2c97.415C169.609%2c111.333%2c169.609%2c123.667%2c169.609%2c134C169.609%2c144.333%2c169.609%2c152.667%2c169.609%2c160.333C169.609%2c168%2c169.609%2c175%2c169.609%2c178.5L169.609%2c182'/%3e%3cpath marker-end='url(%23mermaid-1_flowchart-v2-pointEnd)' style='' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' id='L_B_E_3' d='M169.609%2c240L169.609%2c244.167C169.609%2c248.333%2c169.609%2c256.667%2c169.609%2c267C169.609%2c277.333%2c169.609%2c289.667%2c169.609%2c302C169.609%2c314.333%2c169.609%2c326.667%2c169.68%2c336.417C169.75%2c346.167%2c169.89%2c353.334%2c169.961%2c356.917L170.031%2c360.501'/%3e%3cpath marker-end='url(%23mermaid-1_flowchart-v2-pointEnd)' style='' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' id='L_C_D_4' d='M491.206%2c547.928L486.806%2c558.977C482.405%2c570.025%2c473.605%2c592.122%2c474.133%2c608.834C474.662%2c625.546%2c484.519%2c636.874%2c489.447%2c642.537L494.376%2c648.201'/%3e%3cpath marker-end='url(%23mermaid-1_flowchart-v2-pointEnd)' style='' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' id='L_E_F_5' d='M140.319%2c547.928L135.919%2c558.977C131.519%2c570.025%2c122.718%2c592.122%2c123.247%2c608.834C123.775%2c625.546%2c133.632%2c636.874%2c138.56%2c642.537L143.489%2c648.201'/%3e%3cpath marker-end='url(%23mermaid-1_flowchart-v2-pointEnd)' style='' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' id='L_D_C_6' d='M538.128%2c651.219L542.154%2c645.052C546.181%2c638.885%2c554.235%2c626.552%2c555.568%2c610.938C556.901%2c595.324%2c551.513%2c576.429%2c548.819%2c566.981L546.125%2c557.534'/%3e%3cpath marker-end='url(%23mermaid-1_flowchart-v2-pointEnd)' style='' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' id='L_F_E_7' d='M187.241%2c651.219L191.268%2c645.052C195.295%2c638.885%2c203.348%2c626.552%2c204.681%2c610.938C206.014%2c595.324%2c200.626%2c576.429%2c197.932%2c566.981L195.238%2c557.534'/%3e%3c/g%3e%3cg class='edgeLabels'%3e%3cg transform='translate(520.49609375%2c 99)' class='edgeLabel'%3e%3cg transform='translate(-24.90625%2c -12)' class='label'%3e%3cforeignObject height='24' width='49.8125'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' class='labelBkg' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='edgeLabel'%3e%3cp%3eSign-in%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg transform='translate(520.49609375%2c 302)' class='edgeLabel'%3e%3cg transform='translate(-60.9296875%2c -12)' class='label'%3e%3cforeignObject height='24' width='121.859375'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' class='labelBkg' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='edgeLabel'%3e%3cp%3eRedirect to Logto%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg transform='translate(169.609375%2c 99)' class='edgeLabel'%3e%3cg transform='translate(-24.90625%2c -12)' class='label'%3e%3cforeignObject height='24' width='49.8125'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' class='labelBkg' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='edgeLabel'%3e%3cp%3eSign-in%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg transform='translate(169.609375%2c 302)' class='edgeLabel'%3e%3cg transform='translate(-60.9296875%2c -12)' class='label'%3e%3cforeignObject height='24' width='121.859375'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' class='labelBkg' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='edgeLabel'%3e%3cp%3eRedirect to Logto%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg transform='translate(464.8046875%2c 614.21875)' class='edgeLabel'%3e%3cg transform='translate(-10.2265625%2c -12)' class='label'%3e%3cforeignObject height='24' width='20.453125'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' class='labelBkg' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='edgeLabel'%3e%3cp%3eNo%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg transform='translate(113.91796875%2c 614.21875)' class='edgeLabel'%3e%3cg transform='translate(-10.2265625%2c -12)' class='label'%3e%3cforeignObject height='24' width='20.453125'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' class='labelBkg' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='edgeLabel'%3e%3cp%3eNo%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg transform='translate(562.2890625%2c 614.21875)' class='edgeLabel'%3e%3cg transform='translate(-53.359375%2c -12)' class='label'%3e%3cforeignObject height='24' width='106.71875'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' class='labelBkg' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='edgeLabel'%3e%3cp%3eCreate session%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg transform='translate(211.40234375%2c 614.21875)' class='edgeLabel'%3e%3cg transform='translate(-53.359375%2c -12)' class='label'%3e%3cforeignObject height='24' width='106.71875'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' class='labelBkg' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='edgeLabel'%3e%3cp%3eCreate session%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3c/g%3e%3cg class='nodes'%3e%3cg transform='translate(341.21875%2c 35)' id='flowchart-U-0' class='node default'%3e%3crect height='54' width='93.78125' y='-27' x='-46.890625' style='' class='basic label-container'/%3e%3cg transform='translate(-16.890625%2c -12)' style='' class='label'%3e%3crect/%3e%3cforeignObject height='24' width='33.78125'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='nodeLabel'%3e%3cp%3eUser%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg transform='translate(520.49609375%2c 213)' id='flowchart-A-1' class='node default'%3e%3crect height='54' width='196.984375' y='-27' x='-98.4921875' style='' class='basic label-container'/%3e%3cg transform='translate(-68.4921875%2c -12)' style='' class='label'%3e%3crect/%3e%3cforeignObject height='24' width='136.984375'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='nodeLabel'%3e%3cp%3eClient Application A%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg transform='translate(520.49609375%2c 470.609375)' id='flowchart-C-2' class='node default'%3e%3cpolygon transform='translate(-106.609375%2c106.609375)' class='label-container' points='106.609375%2c0 213.21875%2c-106.609375 106.609375%2c-213.21875 0%2c-106.609375'/%3e%3cg transform='translate(-79.609375%2c -12)' style='' class='label'%3e%3crect/%3e%3cforeignObject height='24' width='159.21875'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='nodeLabel'%3e%3cp%3eLogto sign-in session%3f%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg transform='translate(520.49609375%2c 678.21875)' id='flowchart-D-3' class='node default'%3e%3crect height='54' width='149.84375' y='-27' x='-74.921875' style='' class='basic label-container'/%3e%3cg transform='translate(-44.921875%2c -12)' style='' class='label'%3e%3crect/%3e%3cforeignObject height='24' width='89.84375'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='nodeLabel'%3e%3cp%3eSign-in page%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg transform='translate(169.609375%2c 213)' id='flowchart-B-4' class='node default'%3e%3crect height='54' width='197.859375' y='-27' x='-98.9296875' style='' class='basic label-container'/%3e%3cg transform='translate(-68.9296875%2c -12)' style='' class='label'%3e%3crect/%3e%3cforeignObject height='24' width='137.859375'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='nodeLabel'%3e%3cp%3eClient Application B%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg transform='translate(169.609375%2c 470.609375)' id='flowchart-E-5' class='node default'%3e%3cpolygon transform='translate(-106.609375%2c106.609375)' class='label-container' points='106.609375%2c0 213.21875%2c-106.609375 106.609375%2c-213.21875 0%2c-106.609375'/%3e%3cg transform='translate(-79.609375%2c -12)' style='' class='label'%3e%3crect/%3e%3cforeignObject height='24' width='159.21875'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='nodeLabel'%3e%3cp%3eLogto sign-in session%3f%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg transform='translate(169.609375%2c 678.21875)' id='flowchart-F-6' class='node default'%3e%3crect height='54' width='149.84375' y='-27' x='-74.921875' style='' class='basic label-container'/%3e%3cg transform='translate(-44.921875%2c -12)' style='' class='label'%3e%3crect/%3e%3cforeignObject height='24' width='89.84375'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='nodeLabel'%3e%3cp%3eSign-in page%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/svg%3e)
جلسة مركزية للعديد من RPs
تسمح هذه الإدارة المركزية للجلسات أيضًا لـ IdP بالحفاظ على حالة توثيق مستقرة عبر العديد من RPs طالما كانت جلسة المستخدم نشطة وطلبات التوثيق تأتي من نفس الوكيل المستخدم (الجهاز/المتصفح). تُمكّن هذه الآلية قدرات SSO حيث يمكن للمستخدم الوصول إلى العديد من RPs دون الحاجة إلى تسجيل الدخول مرة أخرى.
%3btext-align:center%3b%7d%23mermaid-2 .edgeLabel p%7bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3b%7d%23mermaid-2 .edgeLabel rect%7bopacity:0.5%3bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3bfill:rgba(232%2c232%2c232%2c 0.8)%3b%7d%23mermaid-2 .labelBkg%7bbackground-color:rgba(232%2c 232%2c 232%2c 0.5)%3b%7d%23mermaid-2 .cluster rect%7bfill:%23ffffde%3bstroke:%23aaaa33%3bstroke-width:1px%3b%7d%23mermaid-2 .cluster text%7bfill:%23333%3b%7d%23mermaid-2 .cluster span%7bcolor:%23333%3b%7d%23mermaid-2 div.mermaidTooltip%7bposition:absolute%3btext-align:center%3bmax-width:200px%3bpadding:2px%3bfont-family:arial%2csans-serif%3bfont-size:12px%3bbackground:hsl(80%2c 100%25%2c 96.2745098039%25)%3bborder:1px solid %23aaaa33%3bborder-radius:2px%3bpointer-events:none%3bz-index:100%3b%7d%23mermaid-2 .flowchartTitleText%7btext-anchor:middle%3bfont-size:18px%3bfill:%23333%3b%7d%23mermaid-2 rect.text%7bfill:none%3bstroke-width:0%3b%7d%23mermaid-2 .icon-shape%2c%23mermaid-2 .image-shape%7bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3btext-align:center%3b%7d%23mermaid-2 .icon-shape p%2c%23mermaid-2 .image-shape p%7bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3bpadding:2px%3b%7d%23mermaid-2 .icon-shape rect%2c%23mermaid-2 .image-shape rect%7bopacity:0.5%3bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3bfill:rgba(232%2c232%2c232%2c 0.8)%3b%7d%23mermaid-2 :root%7b--mermaid-font-family:arial%2csans-serif%3b%7d%3c/style%3e%3cg%3e%3cmarker orient='auto' markerHeight='8' markerWidth='8' markerUnits='userSpaceOnUse' refY='5' refX='5' viewBox='0 0 10 10' class='marker flowchart-v2' id='mermaid-2_flowchart-v2-pointEnd'%3e%3cpath style='stroke-width: 1%3b stroke-dasharray: 1%2c 0%3b' class='arrowMarkerPath' d='M 0 0 L 10 5 L 0 10 z'/%3e%3c/marker%3e%3cmarker orient='auto' markerHeight='8' markerWidth='8' markerUnits='userSpaceOnUse' refY='5' refX='4.5' viewBox='0 0 10 10' class='marker flowchart-v2' id='mermaid-2_flowchart-v2-pointStart'%3e%3cpath style='stroke-width: 1%3b stroke-dasharray: 1%2c 0%3b' class='arrowMarkerPath' d='M 0 5 L 10 10 L 10 0 z'/%3e%3c/marker%3e%3cmarker orient='auto' markerHeight='11' markerWidth='11' markerUnits='userSpaceOnUse' refY='5' refX='11' viewBox='0 0 10 10' class='marker flowchart-v2' id='mermaid-2_flowchart-v2-circleEnd'%3e%3ccircle style='stroke-width: 1%3b stroke-dasharray: 1%2c 0%3b' class='arrowMarkerPath' r='5' cy='5' cx='5'/%3e%3c/marker%3e%3cmarker orient='auto' markerHeight='11' markerWidth='11' markerUnits='userSpaceOnUse' refY='5' refX='-1' viewBox='0 0 10 10' class='marker flowchart-v2' id='mermaid-2_flowchart-v2-circleStart'%3e%3ccircle style='stroke-width: 1%3b stroke-dasharray: 1%2c 0%3b' class='arrowMarkerPath' r='5' cy='5' cx='5'/%3e%3c/marker%3e%3cmarker orient='auto' markerHeight='11' markerWidth='11' markerUnits='userSpaceOnUse' refY='5.2' refX='12' viewBox='0 0 11 11' class='marker cross flowchart-v2' id='mermaid-2_flowchart-v2-crossEnd'%3e%3cpath style='stroke-width: 2%3b stroke-dasharray: 1%2c 0%3b' class='arrowMarkerPath' d='M 1%2c1 l 9%2c9 M 10%2c1 l -9%2c9'/%3e%3c/marker%3e%3cmarker orient='auto' markerHeight='11' markerWidth='11' markerUnits='userSpaceOnUse' refY='5.2' refX='-1' viewBox='0 0 11 11' class='marker cross flowchart-v2' id='mermaid-2_flowchart-v2-crossStart'%3e%3cpath style='stroke-width: 2%3b stroke-dasharray: 1%2c 0%3b' class='arrowMarkerPath' d='M 1%2c1 l 9%2c9 M 10%2c1 l -9%2c9'/%3e%3c/marker%3e%3cg class='root'%3e%3cg class='clusters'/%3e%3cg class='edgePaths'/%3e%3cg class='edgeLabels'/%3e%3cg class='nodes'%3e%3cg transform='translate(0%2c 0)' class='root'%3e%3cg class='clusters'%3e%3cg data-look='classic' id='User' class='cluster'%3e%3crect height='897.21875' width='562.7421875' y='8' x='8' style=''/%3e%3cg transform='translate(243.12109375%2c 8)' class='cluster-label'%3e%3cforeignObject height='24' width='92.5'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='nodeLabel'%3e%3cp%3eUser agent A%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg data-look='classic' id='Layer2' class='cluster'%3e%3crect height='441.21875' width='419.03125' y='426.5' x='74.74609375' style=''/%3e%3cg transform='translate(235.77734375%2c 426.5)' class='cluster-label'%3e%3cforeignObject height='24' width='96.96875'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='nodeLabel'%3e%3cp%3eLogto domain%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg data-look='classic' id='Layer1' class='cluster'%3e%3crect height='129' width='514.84375' y='198.5' x='32.05859375' style=''/%3e%3cg transform='translate(233.44921875%2c 198.5)' class='cluster-label'%3e%3cforeignObject height='24' width='112.0625'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='nodeLabel'%3e%3cp%3eClient domain A%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3c/g%3e%3cg class='edgePaths'%3e%3cpath marker-end='url(%23mermaid-2_flowchart-v2-pointEnd)' style='' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' id='L_U_A_0' d='M245.599%2c99.5L232.258%2c107.75C218.916%2c116%2c192.234%2c132.5%2c178.892%2c149C165.551%2c165.5%2c165.551%2c182%2c165.551%2c195.833C165.551%2c209.667%2c165.551%2c220.833%2c165.551%2c226.417L165.551%2c232'/%3e%3cpath marker-end='url(%23mermaid-2_flowchart-v2-pointEnd)' style='' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' id='L_A_C_1' d='M165.551%2c290L165.551%2c296.25C165.551%2c302.5%2c165.551%2c315%2c165.551%2c329.5C165.551%2c344%2c165.551%2c360.5%2c165.551%2c377C165.551%2c393.5%2c165.551%2c410%2c177.611%2c432.285C189.671%2c454.57%2c213.79%2c482.641%2c225.85%2c496.676L237.91%2c510.711'/%3e%3cpath marker-end='url(%23mermaid-2_flowchart-v2-pointEnd)' style='' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' id='L_U_B_2' d='M332.924%2c99.5L346.266%2c107.75C359.607%2c116%2c386.29%2c132.5%2c399.631%2c149C412.973%2c165.5%2c412.973%2c182%2c412.973%2c195.833C412.973%2c209.667%2c412.973%2c220.833%2c412.973%2c226.417L412.973%2c232'/%3e%3cpath marker-end='url(%23mermaid-2_flowchart-v2-pointEnd)' style='' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' id='L_B_C_3' d='M412.973%2c290L412.973%2c296.25C412.973%2c302.5%2c412.973%2c315%2c412.973%2c329.5C412.973%2c344%2c412.973%2c360.5%2c412.973%2c377C412.973%2c393.5%2c412.973%2c410%2c401.076%2c432.282C389.179%2c454.565%2c365.386%2c482.629%2c353.49%2c496.661L341.593%2c510.694'/%3e%3cpath marker-end='url(%23mermaid-2_flowchart-v2-pointEnd)' style='' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' id='L_C_D_4' d='M241.608%2c629.565L228.117%2c645.757C214.627%2c661.95%2c187.645%2c694.334%2c187.45%2c718.436C187.255%2c742.537%2c213.846%2c758.355%2c227.141%2c766.265L240.437%2c774.174'/%3e%3cpath marker-end='url(%23mermaid-2_flowchart-v2-pointEnd)' style='' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' id='L_D_C_5' d='M323.508%2c776.219L333.972%2c767.969C344.436%2c759.719%2c365.365%2c743.219%2c366.902%2c720.558C368.439%2c697.897%2c350.586%2c669.076%2c341.659%2c654.665L332.733%2c640.255'/%3e%3c/g%3e%3cg class='edgeLabels'%3e%3cg transform='translate(165.55078125%2c 149)' class='edgeLabel'%3e%3cg transform='translate(-24.90625%2c -12)' class='label'%3e%3cforeignObject height='24' width='49.8125'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' class='labelBkg' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='edgeLabel'%3e%3cp%3eSign-in%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg transform='translate(165.55078125%2c 377)' class='edgeLabel'%3e%3cg transform='translate(-60.9296875%2c -12)' class='label'%3e%3cforeignObject height='24' width='121.859375'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' class='labelBkg' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='edgeLabel'%3e%3cp%3eRedirect to Logto%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg transform='translate(412.97265625%2c 149)' class='edgeLabel'%3e%3cg transform='translate(-24.90625%2c -12)' class='label'%3e%3cforeignObject height='24' width='49.8125'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' class='labelBkg' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='edgeLabel'%3e%3cp%3eSign-in%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg transform='translate(412.97265625%2c 377)' class='edgeLabel'%3e%3cg transform='translate(-60.9296875%2c -12)' class='label'%3e%3cforeignObject height='24' width='121.859375'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' class='labelBkg' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='edgeLabel'%3e%3cp%3eRedirect to Logto%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg transform='translate(160.6640625%2c 726.71875)' class='edgeLabel'%3e%3cg transform='translate(-10.2265625%2c -12)' class='label'%3e%3cforeignObject height='24' width='20.453125'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' class='labelBkg' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='edgeLabel'%3e%3cp%3eNo%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg transform='translate(386.29296875%2c 726.71875)' class='edgeLabel'%3e%3cg transform='translate(-53.359375%2c -12)' class='label'%3e%3cforeignObject height='24' width='106.71875'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' class='labelBkg' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='edgeLabel'%3e%3cp%3eCreate session%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3c/g%3e%3cg class='nodes'%3e%3cg transform='translate(289.26171875%2c 570.609375)' id='flowchart-C-26' class='node default'%3e%3cpolygon transform='translate(-106.609375%2c106.609375)' class='label-container' points='106.609375%2c0 213.21875%2c-106.609375 106.609375%2c-213.21875 0%2c-106.609375'/%3e%3cg transform='translate(-79.609375%2c -12)' style='' class='label'%3e%3crect/%3e%3cforeignObject height='24' width='159.21875'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='nodeLabel'%3e%3cp%3eLogto sign-in session%3f%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg transform='translate(289.26171875%2c 72.5)' id='flowchart-U-23' class='node default'%3e%3crect height='54' width='93.78125' y='-27' x='-46.890625' style='' class='basic label-container'/%3e%3cg transform='translate(-16.890625%2c -12)' style='' class='label'%3e%3crect/%3e%3cforeignObject height='24' width='33.78125'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='nodeLabel'%3e%3cp%3eUser%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg transform='translate(165.55078125%2c 263)' id='flowchart-A-24' class='node default'%3e%3crect height='54' width='196.984375' y='-27' x='-98.4921875' style='' class='basic label-container'/%3e%3cg transform='translate(-68.4921875%2c -12)' style='' class='label'%3e%3crect/%3e%3cforeignObject height='24' width='136.984375'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='nodeLabel'%3e%3cp%3eClient Application A%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg transform='translate(412.97265625%2c 263)' id='flowchart-B-25' class='node default'%3e%3crect height='54' width='197.859375' y='-27' x='-98.9296875' style='' class='basic label-container'/%3e%3cg transform='translate(-68.9296875%2c -12)' style='' class='label'%3e%3crect/%3e%3cforeignObject height='24' width='137.859375'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='nodeLabel'%3e%3cp%3eClient Application B%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg transform='translate(289.26171875%2c 803.21875)' id='flowchart-D-27' class='node default'%3e%3crect height='54' width='149.84375' y='-27' x='-74.921875' style='' class='basic label-container'/%3e%3cg transform='translate(-44.921875%2c -12)' style='' class='label'%3e%3crect/%3e%3cforeignObject height='24' width='89.84375'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='nodeLabel'%3e%3cp%3eSign-in page%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/svg%3e)
حالة التوثيق في جانب العميل
في OIDC، يعتمد تطبيق العميل (RP) على التوكنات الصادرة عن IdP للتحقق من هوية المستخدم وحالة توثيقه أو إذنه. يتم الحفاظ على "جلسة تسجيل الدخول" في جانب العميل بواسطة التوكنات الصادرة عن IdP.
- ID Token: توكن قصيرة العمر تحتوي على معلومات المستخدم وتُستخدم للتحقق من هوية المستخدم الموثق.
- Access Token: توكن تمنح الوصول إلى الموارد المحمية نيابة عن المستخدم. يمكن أن يكون عمر التوكن قصيراً أو طويلاً حسب التكوين. يمكن لتطبيقات العميل الاعتماد على صلاحية التوكن لتحديد حالة توثيق المستخدم. إذا انتهت صلاحية التوكن أو تم حذفه، يمكن اعتبار المستخدم "مسجل الخروج" أو "غير موثق" ويحتاج إلى إعادة التوثيق.
- Refresh Token: إذا طُلِبت وتم منح نطاق
offline_access، قد يتلقى تطبيق العميل توكن تجديد. يوفر وسيلة لتمديد حالة توثيق المستخدم دون الحاجة إلى إعادة التوثيق. يمكن لتطبيق العميل استخدام توكن التجديد للحصول على توكن وصول جديد عند انتهاء صلاحية التوكن الحالي. طالما كان توكن التجديد صالحًا، يمكن الحفاظ على حالة توثيق المستخدم دون الحاجة إلى تفاعل المستخدم.
يجمع بين هذه التوكنات ليمكن تطبيق العميل من الحفاظ على حالة توثيق المستخدم والوصول إلى الموارد المحمية نيابة عنه. يجب على تطبيق العميل تخزين هذه التوكنات بشكل أمن وإدارة دورة حياتها. (مثلاً لتطبيقات SPA، يمكن تخزين التوكنات في التخزين المحلي أو تخزين الجلسة في المتصفح. لتطبيقات الويب، يمكن تخزين التوكنات في بيانات الجلسة في جهة الخادم أو الكوكيز.)
آليات تسجيل الخروج في OIDC
عملية تسجيل الخروج في OIDC تعد مفهومًا متعدد الأوجه بسبب مشاركة كل من جلسات تسجيل الدخول المركزية المدارة من IdP والتوكنات الموزعة في جانب العميل.
مسح التوكنات والجلسة المحل�ية في جانب العميل
لتسجيل الخروج أو إلغاء حالة توثيق المستخدم في جانب العميل، يعد أمرًا بسيطًا نسبيًا. يمكن لتطبيق العميل إزالة التوكنات المخزنة (توكن ID، توكن الوصول، وتوكن التجديد) من المتصفح أو الذاكرة للمستخدم. إن هذا الإجراء يلغي عمليًا حالة توثيق المستخدم في جانب العميل.
لتطبيقات الويب التي تدير جلسات تسجيل دخول المستخدم الخاصة بها، قد تكون هناك خطوات إضافية ضرورية. تتضمن هذه الخطوات مسح كوكيز الجلسة وأي بيانات جلسة (مثل التوكنات الصادرة عن مزود الهوية) لضمان تسجيل خروج المستخدم بالكامل.
مسح جلسة تسجيل الدخول المركزية في IdP
يحافظ IdP على جلسة تسجيل دخول مركزية لكل مستخدم. طالما كانت هذه الجلسة نشطة، قد يتم توثيق المستخدم تلقائيًا حتى لو تم مسح التوكنات في جانب العميل، مما يسمح بإصدار توكنات جديدة لتطبيق العميل دون الحاجة إلى تفاعل إضافي مع IdP.
لتسجيل خروج المستخدم بالكامل من IdP، يمكن لتطبيق العميل (RP) بدء طلب تسجيل خروج إلى IdP. يجب على التطبيق (RP) إعادة توجيه المستخدم إلى نقطة نهاية إنهاء الجلسة في IdP لإنهاء جلسة التسجيل ويمكن تنقية ملفات تعريف الجلسة. يضمن هذا تسجيل خروج كامل عبر جميع التطبيقات (RPs) التي تشارك نفس الجلسة المركزية. بمجرد إنهاء جلسة التسجيل، كلما تلقى IdP طلب توكن من أي من التطبيقات المرتبطة بنفس الجلسة، سيطلب من المستخدم إعادة التوثيق.
تسجيل الخروج عبر القناة الخلفية في OIDC
في بعض الحالات، عندما يقوم المستخدم بتسجيل الخروج من تطبيق واحد (RP)، قد يرغب أيضًا في أن يتم تسجيل الخروج تلقائيًا من جميع التطبيقات الأخرى (RPs) دون أي تفاعل إضافي من المستخدم. يمكن تحقيق ذلك باستخدام آلية تسجيل الخروج عبر القناة الخلفية.
عندما يتلقى IdP طلب تسجيل خروج من RP، فإنه لا يقوم فقط بمسح جلسة التسجيل، بل يرسل أيضًا إشعار تسجيل خروج عبر القناة الخلفية إلى جميع RPs التي تستخدم نفس الجلسة ولديها نقطة نهاية تسجيل خروج عبر القناة الخلفية مسجلة.
عندما تتلقى RPs إشعار تسجيل الخروج عبر القناة الخلفية، يمكنها القيام بالإجراءات اللازمة لمسح جلسة المستخدم والتوكنات، مما يضمن تسجيل خروج المستخدم بالكامل من جميع التطبيقات.