[Openid-specs-ab] Issue #914: Session 5 - Missing client_id parameter (openid/connect)

lainhart issues-reply at bitbucket.org
Tue Jan 14 16:04:43 UTC 2014

New issue 914: Session 5 - Missing client_id parameter


Should the post_logout_redirect_uri parameter be provided to the end_session_endpoint, the OP needs to verify that the URI was previously registered to the requesting RP.  A client_id is required to make that verification.  Is the assumption that the OP will get this value from the id_token_hint?  If true, that value is "recommended".  Should the client_id be an explicit parameter?  That's how I've currently got it implemented.

More information about the Openid-specs-ab mailing list