Sign Up

Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.

Sign In

Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.

Forgot Password

Lost your password? Please enter your email address. You will receive a link and will create a new password via email.

You must login to ask a question.

Please briefly explain why you feel this question should be reported.

Please briefly explain why you feel this answer should be reported.

Please briefly explain why you feel this user should be reported.

Search

Ask A Question

0

Editorial Team

Asked: May 18, 20262026-05-18T10:54:56+00:00 2026-05-18T10:54:56+00:00

I’m using OpenId and Facebook Connect to allow users to idendify themselves on my

0

I’m using OpenId and Facebook Connect to allow users to idendify themselves on my website.

For sensitive operations (like changing OpenId) I’m using the PAPE extension of OpenId ( http://openid.net/specs/openid-provider-authentication-policy-extension-1_0-01.html ) with the option max_auth_age=0 to force the user to identify himself once again at his OpenId provider.

What I would like to prevent is : if someone let his session open on facebook on a public computer then nothing damageable can be done on my website.

PAPE allow that, but what can I do for Facebook connect ?
And I don’t want to log out the user from Facebook and then ask him to log in again…

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team
2026-05-18T10:54:56+00:00Added an answer on May 18, 2026 at 10:54 am
According to this TODO list, PAPE needs still be added to OAuth2.
0

Reply

Share
Share

Share on Facebook

Share on Twitter

Share on LinkedIn

Share on WhatsApp

Report