[Code] Back-channel logout response with HTTP 400
Piraveena Paralogarajah
piraveena.14 at cse.mrt.ac.lk
Fri Aug 18 15:20:57 UTC 2017
Hi all,
In Back-channel logout, if the logout token is invalid, then RP sends a 400
response. So How OP will handle this? Will OP send a logout token again to
request the RP to terminate end user's session? If OP won't send a logout
token again, how RP will terminate the session?
It will be helpful if you explain.
Thanks,
On 18 August 2017 at 20:01, Clément OUDOT <clem.oudot at gmail.com> wrote:
> 2017-08-18 14:20 GMT+02:00 Piraveena Paralogarajah <
> piraveena.14 at cse.mrt.ac.lk>:
> > Hi all,
> >
> > In Back-channel logout, If the logout is invalid, then RP should respond
> > with HTTP 400 Bad request. Then how P will handle this?
> >
> > It will be helpful if someone can explain the workflow.
>
>
> I would say it's up to you and how you want this to be displayed to
> user. You can just display a warning or ignore it.
>
> Clément.
>
--
Piraveena Paralogarajah
Undergraduate,
Department of Computer Science and Engineering,
University of Moratuwa,
Sri Lanka.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-code/attachments/20170818/278d0f92/attachment.html>
More information about the Code
mailing list