[Openid-specs-ab] Issue #914: Session 5 - Missing client_id parameter (openid/connect)
issues-reply at bitbucket.org
Tue Jan 14 16:04:43 UTC 2014
New issue 914: Session 5 - Missing client_id parameter
Should the post_logout_redirect_uri parameter be provided to the end_session_endpoint, the OP needs to verify that the URI was previously registered to the requesting RP. A client_id is required to make that verification. Is the assumption that the OP will get this value from the id_token_hint? If true, that value is "recommended". Should the client_id be an explicit parameter? That's how I've currently got it implemented.
More information about the Openid-specs-ab