[Openid-specs-ab] Possible state parameter for RP-initiated logout

Thomas Broyer t.broyer at gmail.com
Tue Jul 1 12:35:49 UTC 2014


That makes sense. Particularly given that all post_logout_redirect_uri
should be pre-registered and are compared byte-for-byte, leaving no place
to, e.g., add query-string arguments to customize the behavior upon
redirection. So yes, there should be a 'state' parameter.

I'm going to add it to our implementation ASAP.


On Tue, Jul 1, 2014 at 2:31 AM, Mike Jones <Michael.Jones at microsoft.com>
wrote:

>  Some Microsoft product people have requested an optional “state”
> parameter for RP-initiated logout requests.  Like the OAuth “state”
> parameter this would be passed to the end_session_endpoint as an optional
> query parameter, and if present, would be passed back with the same value
> to the post_logout_redirect_uri endpoint.
>
>
>
> What do people think of this proposal?
>
>
>
> RP-initiated logout is defined at
> http://openid.net/specs/openid-connect-session-1_0.html#RPLogout.
>
>
>
>                                                                 -- Mike
>
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>


-- 
Thomas Broyer
/tɔ.ma.bʁwa.je/ <http://xn--nna.ma.xn--bwa-xxb.je/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20140701/4023ad72/attachment.html>


More information about the Openid-specs-ab mailing list