[Code] Possible approach to handle OIDC logout consent denial by the end-user
Thomas Broyer
t.broyer at gmail.com
Mon Mar 30 16:11:39 UTC 2020

Log the user out of the RP only, and redirect to
the post_logout_redirect_uri?

"In this case, the RP, after having logged the End-User out of the RP,
redirects the End-User's User Agent to the OP's logout endpoint URL."

Now you'll ask what if there's no post_logout_redirect_uri 😉 (though in
this case the behavior should be the same whether the End-User wants to be
logged out of the OP or only of the RP), and my answer would be "do as you
want": show a message telling the user that he's been logged out, or
redirect to some URI at the OP that doesn't require (re)authentication…

On Mon, Mar 30, 2020 at 5:42 PM Piraveena Paralogarajah <
piraveena.14 at cse.mrt.ac.lk> wrote:
> Hi all,
>
> According to the OIDC Session management
> <https://openid.net/specs/openid-connect-session-1_0.html#RPLogout> spec,
>
> "At the logout endpoint, the OP SHOULD ask the End-User whether he wants
> to log out of the OP as well. If the End-User says "yes", then the OP MUST
> log out the End-User."
>
> It doesn't say how to handle when the user denies the logout consent.
>
> How to handle if the user denies the logout consent? What is the possible
> approach?
> Appreciate your suggestions on this.
>
> Thank you for your time,
> Piraveena
>
> --
> *Piraveena Paralogarajah*
> Undergraduate,
> Department of Computer Science and Engineering,
> University of Moratuwa.
>
>
> *E-mail*: piraveena.14 at cse.mrt.ac.lk
> *Blog:* https://medium.com/@piraveenaparalogarajah
> *LinkedIn*: https://www.linkedin.com/in/piraveena-paralogarajah
> <https://www.linkedin.com/in/piraveena-paralogarajah>
>
--
Thomas Broyer
/tɔ.ma.bʁwa.je/
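
The approach suggested in the reply above, sketched as an OP-side handler. This is an added example, not part of the original thread and not code from any OP implementation; finish_logout, LogoutResult, the REGISTERED table and the session set are hypothetical names, and the registration data is constructed.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample registration: client_id -> registered post_logout_redirect_uris.
REGISTERED = {"rp1": {"https://rp.example/after-logout"}}


@dataclass
class LogoutResult:
    op_session_ended: bool
    redirect_to: Optional[str]      # None: render a page at the OP instead
    message: Optional[str] = None


def _with_state(uri, state):
    """Append the RP's opaque state value to the redirect target, if one was sent."""
    if state is None:
        return uri
    parts = urlsplit(uri)
    query = parse_qsl(parts.query, keep_blank_values=True) + [("state", state)]
    return urlunsplit(parts._replace(query=urlencode(query)))


def finish_logout(op_sessions, sid, client_id, consent_given,
                  post_logout_redirect_uri=None, state=None):
    """Decide what the OP does once the End-User has answered the logout prompt.

    op_sessions is a set of active OP session ids (assumed storage model).
    The RP has already ended its own session before sending the user here.
    """
    if consent_given:
        op_sessions.discard(sid)    # "yes": the OP MUST log the End-User out
    # On denial the OP session is left untouched: the user is logged out of
    # the RP only. The navigation afterwards is the same in both cases.
    allowed = REGISTERED.get(client_id, set())
    if post_logout_redirect_uri in allowed:     # exact match against registration
        return LogoutResult(consent_given, _with_state(post_logout_redirect_uri, state))
    # No URI, or one that was never registered: never redirect to it.
    # Show a message at the OP that needs no (re)authentication.
    if consent_given:
        msg = "You have been logged out."
    else:
        msg = "You have been logged out of the application; you are still signed in here."
    return LogoutResult(consent_given, None, msg)
```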