Description
Currently, if multiple offline sessions are requested within a single SSO session, they are linked to the same offline session, with multiple client sessions within it.
For example:
- Login
- Authz code flow client_id=myapp1&scope=offline
- Authz code flow client_id=myapp2&scope=offline
This results in the myapp1 and myapp2 client sessions sharing the same offline session. However, if a logout happens in between:
- Login
- Authz code flow client_id=myapp1&scope=offline
- Logout, and login again
- Authz code flow client_id=myapp2&scope=offline
This results in different behaviour: there is no shared offline session.
This is potentially confusing, as you cannot predict the number of offline sessions and would additionally have to count the client sessions within them to know how many "offline sessions" exist.
We could unify this by always creating a single offline session, which would also eliminate the need for a client session, as the two could be combined into a single entity.
Discussion
No response
Motivation
No response
Details
No response