I’m working with some customers who are looking for OIDC session management best practices, and they generally would like to know if Auth0 is compliant with OIDC session_state parameter. I’m assuming Auth0 is compliant with this, and using iframe techniques on SDKs. Any comments would be appreciated.
I would also like to know more about this. Considering Auth0 for a project, and this could be the deal breaker.