Use case

I've a customer who wants to be able to present a screen in an app that shows the user a list of all RPs they have 'single-signed on' into in the active session (e.g. due to 'remember me' in use on the Login endpoint when they logged into the first RP, then subsequently browsing to other RPs and automatically logging in to them.) Each RP has its own oAuth2.0 Client ID/secret. The goal is to let the user choose individual RPs to log out of, rather than a 'Single Log Out' - but the latter probably will remain the default (and already works).

Question

Is there a way to get a list of all RPs that the user has signed into (via various oAuth2.0 clients) where they have had their session 'remembered' (they have a I know I can obtain the Client ID that initiated a logout, via the data in the Logout Challenge, but not sure if I can get a list of all Client IDs that were used as part of the active session. I hope that makes sense? Thanks!
It looks like this was already asked at #2938 - my apologies.

Since my 'Consent remember' is set to 0 (forever), I think that API endpoint will work well for me.

The next challenge is that since that's an API endpoint on the admin app, I need to somehow let my RP hit a special route (perhaps on the Login&Consent app, which can access the admin app), which in turn hits that admin API endpoint. But this will have to be protected somehow so not just 'anyone' can hit the Login&Consent app (which needs to be reachable by the RP) with a 'subject' payload to see Just Anyone's active consents. Not sure how to do that, but I guess that's left up to the developer..
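
One way to protect the route described in the comment above, shown as an added example that is not part of the original thread or the project's code: the Login&Consent app takes the subject from the caller's introspected access token and never from the request payload. The function names, the `allowed_clients` check, the shape of the consent records and the sample data are all assumptions made for illustration; `introspect` and `list_consents` stand in for the calls to the admin app.

```python
class Forbidden(Exception):
    """Raised when the caller cannot prove which subject it is acting for."""


def bearer_token(headers):
    """Return the token from 'Authorization: Bearer <token>', else None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    token = token.strip()
    return token if scheme.lower() == "bearer" and token else None


def list_my_clients(headers, body, introspect, list_consents, allowed_clients):
    """Handle one request to the hypothetical 'my signed-in RPs' route.

    introspect(token) -> dict and list_consents(subject) -> list of dicts are
    stand-ins for what the Login&Consent app asks the admin app.
    """
    token = bearer_token(headers)
    if token is None:
        raise Forbidden("missing bearer token")
    info = introspect(token)
    # Only an active token issued to a known RP identifies the caller.
    if not info.get("active") or info.get("client_id") not in allowed_clients:
        raise Forbidden("token not active or not from a known RP")
    subject = info.get("sub")
    if not subject:
        raise Forbidden("token carries no subject")
    # The lookup key is the token's subject. A 'subject' in the payload is
    # never used, and a mismatch is rejected so it can be logged.
    if "subject" in body and body["subject"] != subject:
        raise Forbidden("subject in payload does not match token")
    return sorted({s["client_id"] for s in list_consents(subject)})


# Constructed sample data standing in for the admin app's answers.
TOKENS = {
    "tok-alice": {"active": True, "sub": "alice", "client_id": "rp-shop"},
    "tok-old": {"active": False},
}
CONSENTS = {
    "alice": [{"client_id": "rp-shop"}, {"client_id": "rp-blog"}],
    "bob": [{"client_id": "rp-bank"}],
}


def fake_introspect(token):
    return TOKENS.get(token, {"active": False})


def fake_list_consents(subject):
    return CONSENTS.get(subject, [])
```
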