[Openid-specs-ab] Possible state parameter for RP-initiated logout

Mike Jones Michael.Jones at microsoft.com
Wed Jul 2 17:08:05 UTC 2014


The client-generated “state” parameter is exactly what I was asking about on this thread.  It seems that that has working group support.

There was also a different thread “[Openid-specs-ab] Possibly using session_state in logout and prompt=none requests” discussing an unrelated proposal.  It should be discussed on the other thread.

                                                            -- Mike

From: John Bradley [mailto:ve7jtb at ve7jtb.com]
Sent: Wednesday, July 02, 2014 7:21 AM
To: Thomas Broyer
Cc: Mike Jones; openid-specs-ab at lists.openid.net
Subject: Re: [Openid-specs-ab] Possible state parameter for RP-initiated logout

PS I do agree that the logout call should have a Client-generated state parameter that is opaque to the IdP and returned in the response.

However, that is not the state Mike was asking about as I understood the question.

On Jul 1, 2014, at 8:35 AM, Thomas Broyer <t.broyer at gmail.com> wrote:


That makes sense. Particularly given that all post_logout_redirect_uri should be pre-registered and are compared byte-for-byte, leaving no place to, e.g., add query-string arguments to customize the behavior upon redirection. So yes, there should be a 'state' parameter.

I'm going to add it to our implementation ASAP.

On Tue, Jul 1, 2014 at 2:31 AM, Mike Jones <Michael.Jones at microsoft.com> wrote:
Some Microsoft product people have requested an optional “state” parameter for RP-initiated logout requests.  Like the OAuth “state” parameter this would be passed to the end_session_endpoint as an optional query parameter, and if present, would be passed back with the same value to the post_logout_redirect_uri endpoint.

What do people think of this proposal?

RP-initiated logout is defined at http://openid.net/specs/openid-connect-session-1_0.html#RPLogout.

                                                                -- Mike


_______________________________________________
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net<mailto:Openid-specs-ab at lists.openid.net>
http://lists.openid.net/mailman/listinfo/openid-specs-ab



--
Thomas Broyer
/tɔ.ma.bʁwa.je/


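The exchange proposed in this thread, sketched from both sides as an added example that is not part of any message above or of any participant's implementation. The endpoint URLs, the registered URI set, the function names and the dict used as the RP session are assumptions made for illustration; only `end_session_endpoint`, `post_logout_redirect_uri` and `state` come from the thread.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed values for illustration only.
END_SESSION_ENDPOINT = "https://op.example/end_session"
REGISTERED_LOGOUT_URIS = {"https://rp.example/logged-out"}


def rp_build_logout_request(session, post_logout_redirect_uri):
    """RP side: mint an opaque state, remember it, build the logout URL."""
    state = secrets.token_urlsafe(32)
    session["logout_state"] = state
    query = urlencode({
        "post_logout_redirect_uri": post_logout_redirect_uri,
        "state": state,
    })
    return f"{END_SESSION_ENDPOINT}?{query}"


def op_handle_logout(request_url):
    """OP side: exact-match the redirect URI, echo state back unchanged."""
    params = parse_qs(urlsplit(request_url).query)
    redirect_uri = params.get("post_logout_redirect_uri", [""])[0]
    # Exact string match against the pre-registered set, no normalization,
    # so an RP cannot smuggle extra query arguments into the redirect URI.
    if redirect_uri not in REGISTERED_LOGOUT_URIS:
        return None  # never redirect to an unregistered URI
    state = params.get("state", [None])[0]
    if state is None:  # state is optional in the proposal
        return redirect_uri
    return f"{redirect_uri}?{urlencode({'state': state})}"


def rp_handle_post_logout(session, callback_url):
    """RP side: accept the callback only if state matches the stored one."""
    expected = session.pop("logout_state", None)  # single use
    returned = parse_qs(urlsplit(callback_url).query).get("state", [""])[0]
    if expected is None:
        return False
    return hmac.compare_digest(expected.encode(), returned.encode())
```

Because the state is stored per session and popped on first use, a replayed or forged callback to the post-logout endpoint is rejected, and any per-request behaviour the RP wants after logout can be keyed off the stored state rather than off the redirect URI.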