I have a Hydra SSO Server, an OIDC Provider and a Resource Server Website.
- When a user browses a protected page on the Resource Server Website, if no authentication info can be found, a guard will redirect the user to Hydra SSO Server and an authorization-code OAuth2 flow will start. Either it will automatically log the user in if a Hydra SSO Server session can be found, or it will redirect the user back to the login page.
- When a user browses a public page on the Resource Server Website, the guard does not redirect the user to Hydra SSO Server. In this case we don't know if the user is already logged in (Hydra SSO Server session is active).
As I would like to put user info on the navbar no matter which page he visits, what is the best approach to check the user session on Hydra SSO Server?
I did not find any endpoint for validating the user hydra session without redirection.
If I need to start with an OAuth2 redirect against Hydra when the website loads, is this a correct approach?