Are there any plans to update AMs implementation of OIDC user session management to the latest finalized spec? It looks like AM 7.3 currently implements Draft 5 and Draft 10 of the specification -
https://backstage.forgerock.com/docs/am/7.3/oidc1-guide/session-management.html
The specification has now been finalized, and does bring a few changes. In particular, the latest specification requires that a session_state parameter be provided in the authentication response. Many of the OIDC RP implementations that I’ve looked through that support session management look for that parameter in the response to indicate if session management is supported.
(latest spec) - Final: OpenID Connect Session Management 1.0