[Openid-specs-ab] Third-Party Cookies and Front Channel Logout

torsten at lodderstedt.net torsten at lodderstedt.net
Mon Aug 29 15:48:59 UTC 2016

Hi Prateek,

We are facing the same problem. Describing it in the spec is definitely the minimum. Better would be to come up with a viable solution.

best regards,


-------- Original Message --------
From: Prateek Mishra via Openid-specs-ab <openid-specs-ab at lists.openid.net>
Sent: Friday, August 26, 2016 02:56 AM
To: openid-specs-ab at lists.openid.net
Subject: [Openid-specs-ab] Third-Party Cookies and Front Channel Logout

>The OIDC Front Channel Logout draft specification uses HTTP GETs to RP URLs that clear login state.
>http://openid.net/specs/openid-connect-frontchannel-1_0.html
>This typically takes the form of an OP loading a page with <iframe src="frontchannel_logout_uri"> or <img src="front_channel_logout_uri">.
>However, modern browsers allow users to “block third party cookies” and this setting means that the logout at the RP will fail (unable to remove previously
>established RP cookie). Our implementation and test teams have found this to be a really confusing situation for end-users.
>Have implementors had any success with alternatives or work-arounds? At a minimum we should capture this behavior in the draft specification.
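The failure described in the quoted message, modelled as an added example that is not part of either post or of the draft specification: a browser cookie jar with and without third-party cookie blocking, and an RP whose front-channel logout endpoint relies on its own cookie. The host names, the `rp_session` cookie, all function names and the simplified blocking rule are assumptions made for illustration.

```javascript
// Constructed model, not real browser or RP code. Simplification: a request is
// "third-party" when its host differs from the top-level page's host, and a
// blocking browser neither sends nor stores cookies on such requests.
class Browser {
  constructor(blockThirdPartyCookies) {
    this.block = blockThirdPartyCookies;
    this.jar = new Map(); // host -> Map(cookie name -> value)
  }
  // Fetch `host` (as a page, iframe or img) while `topLevelHost` is in the address bar.
  load(topLevelHost, host, handler) {
    const blocked = this.block && topLevelHost !== host;
    const stored = this.jar.get(host) || new Map();
    const res = handler(blocked ? new Map() : new Map(stored));
    if (!blocked) {
      for (const [name, value] of Object.entries(res.setCookie || {})) {
        if (value === null) stored.delete(name); // expired cookie: remove it
        else stored.set(name, value);
      }
      this.jar.set(host, stored);
    }
    return res;
  }
}

// Hypothetical RP that tracks login state with an "rp_session" cookie.
function makeRp() {
  const sessions = new Set();
  return {
    sessions,
    login: () => { sessions.add("s1"); return { setCookie: { rp_session: "s1" } }; },
    // Front-channel logout endpoint: finds the session via the cookie, then clears both.
    frontchannelLogout: (cookies) => {
      sessions.delete(cookies.get("rp_session"));
      return { setCookie: { rp_session: null } };
    },
  };
}

// Log in at the RP first-party, then let the OP's logout page embed the RP's logout URI.
function rpStateAfterOpLogout(blockThirdPartyCookies) {
  const browser = new Browser(blockThirdPartyCookies);
  const rp = makeRp();
  browser.load("rp.example", "rp.example", rp.login);
  browser.load("op.example", "rp.example", rp.frontchannelLogout); // the <iframe>/<img> request
  const cookie = (browser.jar.get("rp.example") || new Map()).has("rp_session");
  return { cookieStillInBrowser: cookie, sessionStillOnServer: rp.sessions.has("s1") };
}

console.log(rpStateAfterOpLogout(false), rpStateAfterOpLogout(true));
```

With blocking enabled the RP receives the logout request without its cookie and its cookie-clearing response is discarded, so both the browser cookie and the RP session outlive the OP logout.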
