[Openid-specs-ab] Issue #1216: query over rp initiated logout certification test outcomes for tests that use invalid information (openid/connect)

Joseph Heenan issues-reply at bitbucket.org
Wed Mar 24 09:11:36 UTC 2021


New issue 1216: query over rp initiated logout certification test outcomes for tests that use invalid information
https://bitbucket.org/openid/connect/issues/1216/query-over-rp-initiated-logout

Joseph Heenan:

The certification team have received a logout certification that seems to differ from all previous ones and from the outcome the tests describe. We're inclined to think this is okay but I thought it best to seek guidance from the working group before we update the test descriptions.

The relevant tests are:

* oidcc-rp-initiated-logout-bad-post-logout-redirect-uri
* oidcc-rp-initiated-logout-query-added-to-post-logout-redirect-uri

“If the post logout redirect URI does not match the pre-configured one, but the id_token_hint validation succeeded, we will logout the user, but not make the redirect URI available to the UI, nor automatically redirect.”


* oidcc-rp-initiated-logout-modified-id-token-hint
* oidcc-rp-initiated-logout-bad-id-token-hint
* oidcc-rp-initiated-logout-no-id-token-hint

“If id_token_hint is missing, or validation failed, we do not show an error message to the user, we fall back to prompting the user if he really wants to log out.”

The python tests used wording like:

> This test should result in the OpenID Provider displaying an error message in your user agent. You must submit a screen shot of the error shown as part of your certification application.

and the java tests tend to use language like:

> `the OP must show an error screen, a screenshot of which should be uploaded`

https://openid.net/specs/openid-connect-rpinitiated-1_0.html says:

> Logout requests without a valid `id_token_hint` value are a potential means of denial of service; therefore, OPs may want to require explicit user confirmation before acting upon them.

and:

> If any of the validation procedures defined in this specification fail, any operations requiring the information that failed to correctly validate MUST be aborted and the information that failed to validate MUST NOT be used.

Which appears to support these outcomes.

The question is basically: in all these scenarios, is it permitted to not show errors?

(If so we'll update the test descriptions to try to make the permitted outcomes clear.)
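To make the two outcomes quoted above concrete, here is a sketch of the OP-side decision logic as a Python function. This is an added example written for this page; it is not code from the conformance suite, from the certifying OP, or from the spec. It assumes an HS256-signed ID Token with a fixed OP key (real OPs use asymmetric keys published via jwks_uri), a constructed in-memory client registry, and a made-up LogoutDecision result type; the behaviour it encodes is the one described in the two quoted outcomes: a missing or invalid id_token_hint leads to a confirmation prompt rather than an error page, and a post_logout_redirect_uri that does not exactly match a registered value still ends the session but is never redirected to or displayed.

```python
import base64
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed OP setup, constructed for this example (not from the thread).
# HS256 with a fixed key keeps the example self-contained; a real OP signs
# ID Tokens with RS256/ES256 keys published at its jwks_uri.
OP_ISSUER = "https://op.example.com"
OP_SIGNING_KEY = b"example-op-hs256-key-not-for-production"

# Assumed client registry: the pre-registered post_logout_redirect_uris are
# the only URIs the OP is ever allowed to redirect to after logout.
CLIENTS = {
    "client-a": {"post_logout_redirect_uris": ["https://rp.example.com/loggedout"]},
}


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def mint_id_token(claims: dict) -> str:
    """Issue an HS256 JWT so the example has a genuine id_token_hint to test with."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(OP_SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def validate_id_token_hint(token: str) -> Optional[dict]:
    """Return the claims if the hint is an ID Token this OP issued, else None.

    exp is deliberately not checked: the spec lets the OP accept an expired
    ID Token as a hint for a session it still remembers.
    """
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = hmac.new(OP_SIGNING_KEY, f"{header_b64}.{payload_b64}".encode(),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None  # modified or forged token
        claims = json.loads(_b64url_decode(payload_b64))
    except ValueError:  # bad segment count, bad base64, bad JSON
        return None
    if not isinstance(claims, dict) or claims.get("iss") != OP_ISSUER:
        return None
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    return claims if any(a in CLIENTS for a in auds) else None


@dataclass(frozen=True)
class LogoutDecision:
    end_session: bool           # terminate the OP session now
    prompt_user: bool           # ask the user to confirm instead of acting
    redirect_to: Optional[str]  # where to send the user agent afterwards, if anywhere


def _append_state(uri: str, state: str) -> str:
    parts = urlsplit(uri)
    query = parse_qsl(parts.query, keep_blank_values=True) + [("state", state)]
    return urlunsplit(parts._replace(query=urlencode(query)))


def handle_logout_request(params: dict) -> LogoutDecision:
    """Decide what the OP does with an RP-initiated logout request (query params as a dict)."""
    hint = params.get("id_token_hint")
    claims = validate_id_token_hint(hint) if hint else None
    if claims is None:
        # Missing or failed hint: nothing in the request is trustworthy, so the
        # redirect URI must not be used either; fall back to a confirmation prompt.
        return LogoutDecision(end_session=False, prompt_user=True, redirect_to=None)

    aud = claims["aud"]
    auds = aud if isinstance(aud, list) else [aud]
    client_id = params.get("client_id") or (auds[0] if len(auds) == 1 else None)
    if client_id not in auds or client_id not in CLIENTS:
        return LogoutDecision(end_session=False, prompt_user=True, redirect_to=None)

    redirect = params.get("post_logout_redirect_uri")
    if redirect is None:
        return LogoutDecision(end_session=True, prompt_user=False, redirect_to=None)

    # Exact string comparison against the registered values: an added query
    # component or a different host fails, so the session still ends but the
    # unvalidated URI is neither shown to the user nor redirected to.
    if redirect not in CLIENTS[client_id]["post_logout_redirect_uris"]:
        return LogoutDecision(end_session=True, prompt_user=False, redirect_to=None)

    state = params.get("state")
    target = _append_state(redirect, state) if state is not None else redirect
    return LogoutDecision(end_session=True, prompt_user=False, redirect_to=target)
```

The exact-match rule is what makes the "query added to post logout redirect URI" case fall into the same bucket as a wholly wrong URI: the OP appends `state` itself, so an RP-supplied query string never matches a registered value and the user ends up on the OP's own "logged out" page instead.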
