Open
Description
To get the logged-in user info on client pages, a cross-origin endpoint could be implemented. This requires a JavaScript function to be called during document load on the client page.
JS will send: clientId, the HTTP Origin header of the client page (automatic via browser), withCredentials=true.
The endpoint will check the long-term cookie on oauthly, whether the given client id and the user in the cookie have a grant record, and whether the Origin header matches the allowed origin setting of the client. If all three match, it will return an id_token (JWT) of the user. It will then be passed to the server side of the client by the user agent.
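A sketch of the three checks described in the issue, together with the CORS response headers a credentialed request needs. This is an added example, not code from oauthly: the in-memory stores, `handleIdTokenRequest`, `mintIdToken` and all sample values are assumptions, and the cookie is assumed to be already parsed from the request.

```javascript
// Constructed sample data; every name here is hypothetical, not oauthly's schema.
const clients = new Map([["client-1", { allowedOrigin: "https://app.example.com" }]]);
const sessions = new Map([["cookie-abc", { userId: "user-42" }]]); // long-term cookie -> user
const grants = new Set(["client-1:user-42"]);                      // "clientId:userId"

// Placeholder for the real id_token (JWT) signer.
const mintIdToken = (userId, clientId) => `id_token(sub=${userId},aud=${clientId})`;

// One uniform denial with no CORS headers: the browser blocks the read and
// the caller cannot tell which of the three checks failed.
const deny = () => ({ status: 403, headers: { "Cache-Control": "no-store" }, body: null });

function handleIdTokenRequest({ clientId, origin, cookie }) {
  const client = clients.get(clientId);
  const session = sessions.get(cookie);
  // Check 1: the long-term cookie maps to a logged-in user.
  if (!session) return deny();
  // Check 2: a grant record exists for this client and this user.
  if (!client || !grants.has(`${clientId}:${session.userId}`)) return deny();
  // Check 3: exact string match against the client's allowed origin.
  // No prefix, suffix or pattern matching; a missing Origin header fails.
  if (typeof origin !== "string" || origin !== client.allowedOrigin) return deny();

  return {
    status: 200,
    headers: {
      // With credentials the browser rejects "*", so echo the verified origin.
      "Access-Control-Allow-Origin": origin,
      "Access-Control-Allow-Credentials": "true",
      "Vary": "Origin",
      "Cache-Control": "no-store",
    },
    body: { id_token: mintIdToken(session.userId, clientId) },
  };
}
```

For the browser to attach the long-term cookie to a cross-site call, the cookie has to be set with `SameSite=None; Secure`.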