<div dir="ltr"><font color="#000000">Hi Thomas Broyer and Darshana,</font><div><font color="#000000"><br></font></div><div><font color="#000000">Thanks for your response. </font></div><div><font color="#000000"><br></font></div><div><font color="#000000">According to the <a href="https://openid.net/specs/openid-connect-session-1_0.html#RPLogout" target="_blank">spec</a>, the user agent needs to be redirected to post_logout_redirect_uri by the OP after logout is performed.</font></div><div><font color="#000000"><br></font></div><div><dl><dt><font face="monospace" color="#000000">post_logout_redirect_uri</font></dt><dd><font face="monospace" color="#000000">OPTIONAL. URL to which the RP is requesting that the End-User's User Agent be redirected after a logout has been performed. The value MUST have been previously registered with the OP, either using the <tt>post_logout_redirect_uris</tt> Registration parameter or via another mechanism. If supplied, the OP SHOULD honor this request following the logout.</font></dd><dd style="font-family:verdana,charcoal,helvetica,arial,sans-serif"></dd></dl></div><div><br></div><div>But in this case, the user denies the logout consent and logout didn't happen in the OP side. So it is a correct approach to redirect to post_logout_redirect_uri as logout failed in OP side?</div><div><br></div><div>Thanks,</div><div>Piraveena</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, 30 Mar 2020 at 21:53, Darshana Gunawardana <<a href="mailto:darshanasbg@gmail.com" target="_blank">darshanasbg@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi Piraveena,<div><br></div><div>If RP not sending the <i>post_logout_redirect_uri</i> or its not matched with the OP registered <i>post_logout_redirect_uris, </i>(regardless of user denied the consent or approved) user would be redirected to some page in OP.</div><div><br></div><div>If the post_logout_redirect_uri is available and valid, IMO the better behaviour would be redirecting to the <i>post_logout_redirect_uri</i>. Here, user will be only logged out from the RP, but not the OP.</div><div><br></div><div>PS: Saw the Thomas's reply halfway through, but continued sending this one. :)</div><div><br></div><div>Thanks,</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Mar 30, 2020 at 8:28 PM Piraveena Paralogarajah <<a href="mailto:piraveena.14@cse.mrt.ac.lk" target="_blank">piraveena.14@cse.mrt.ac.lk</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><font color="#000000">Hi all,</font><div><font color="#000000"><br clear="all"></font><div><div style="margin:0px;padding:0px 16px 0px 0px;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;font-family:Arial,"Helvetica Neue",Helvetica,sans-serif;vertical-align:top;box-sizing:inherit;width:auto;min-width:0px"><div style="margin:0px 0px 5px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;line-height:1.3;vertical-align:baseline;box-sizing:inherit;width:659px"><p style="margin:0px 0px 1em;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;line-height:inherit;font-family:inherit;vertical-align:baseline;box-sizing:inherit;clear:both"><font color="#000000">According to the <a href="https://openid.net/specs/openid-connect-session-1_0.html#RPLogout" target="_blank">OIDC Session management</a> spec, </font></p></div></div></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><div style="margin:0px;padding:0px 16px 0px 0px;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;font-family:Arial,"Helvetica Neue",Helvetica,sans-serif;vertical-align:top;box-sizing:inherit;width:auto;min-width:0px"><div style="margin:0px 0px 5px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;line-height:1.3;vertical-align:baseline;box-sizing:inherit;width:659px"><p style="margin:0px 0px 1em;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;line-height:inherit;font-family:inherit;vertical-align:baseline;box-sizing:inherit;clear:both"><font color="#000000">"At the logout endpoint, the OP SHOULD ask the End-User whether he wants to log out of the OP as well. If the End-User says "yes", then the OP MUST log out the End-User.</font></p></div></div></div></blockquote><div><div style="margin:0px;padding:0px 16px 0px 0px;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;font-family:Arial,"Helvetica Neue",Helvetica,sans-serif;vertical-align:top;box-sizing:inherit;width:auto;min-width:0px"><div style="margin:0px 0px 5px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;line-height:1.3;vertical-align:baseline;box-sizing:inherit;width:659px"><p style="margin:0px 0px 1em;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;line-height:inherit;font-family:inherit;vertical-align:baseline;box-sizing:inherit;clear:both"><font color="#000000">It doesn't say how to handle when the user denies the logout consent. </font></p><p style="margin:0px 0px 1em;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;line-height:inherit;font-family:inherit;vertical-align:baseline;box-sizing:inherit;clear:both"><span style="color:rgb(0,0,0);font-family:inherit;font-style:inherit;font-variant-ligatures:inherit;font-variant-caps:inherit;font-weight:inherit">How to handle if the user denies the logout consent? What is the possible approach?</span></p></div></div><div></div><div></div></div><div><div><font color="#000000">Appreciate your suggestions on this.</font></div><div><font color="#000000"><br></font></div><div><div>Thank you for your time,</div></div></div><div>Piraveena</div><div><br></div>-- <br><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div style="color:rgb(0,0,0);font-family:"Helvetica Neue","Segoe UI",Helvetica,Arial,"Lucida Grande",sans-serif;font-size:13px"><b>Piraveena Paralogarajah</b><br></div><div style="font-family:"Helvetica Neue","Segoe UI",Helvetica,Arial,"Lucida Grande",sans-serif;font-size:13px"><font color="#666666">Undergraduate,</font></div><div style="font-family:"Helvetica Neue","Segoe UI",Helvetica,Arial,"Lucida Grande",sans-serif;font-size:13px"><font color="#666666">Department of Computer Science and Engineering,</font></div><div style="font-family:"Helvetica Neue","Segoe UI",Helvetica,Arial,"Lucida Grande",sans-serif;font-size:13px"><font color="#666666">University of Moratuwa.</font></div><div style="color:rgb(0,0,0);font-family:"Helvetica Neue","Segoe UI",Helvetica,Arial,"Lucida Grande",sans-serif;font-size:13px"><br></div><div style="color:rgb(0,0,0);font-family:"Helvetica Neue","Segoe UI",Helvetica,Arial,"Lucida Grande",sans-serif"><br></div><div style="color:rgb(0,0,0);font-family:"Helvetica Neue","Segoe UI",Helvetica,Arial,"Lucida Grande",sans-serif"><font size="1"><b>E-mail</b>: <a href="mailto:piraveena.14@cse.mrt.ac.lk" target="_blank">piraveena.14@cse.mrt.ac.lk</a></font></div><div style="color:rgb(0,0,0);font-family:"Helvetica Neue","Segoe UI",Helvetica,Arial,"Lucida Grande",sans-serif"><font size="1"><b>Blog:</b> <a href="https://medium.com/@piraveenaparalogarajah" target="_blank">https://medium.com/@piraveenaparalogarajah</a></font></div><div style="color:rgb(0,0,0);font-family:"Helvetica Neue","Segoe UI",Helvetica,Arial,"Lucida Grande",sans-serif"><font size="1"><b>LinkedIn</b>:<a href="https://www.linkedin.com/in/piraveena-paralogarajah" target="_blank"> https://www.linkedin.com/in/piraveena-paralogarajah</a></font></div><div style="color:rgb(0,0,0);font-family:"Helvetica Neue","Segoe UI",Helvetica,Arial,"Lucida Grande",sans-serif"><font size="1"><span></span><span></span><br></font></div></div></div></div></div></div></div></div></div>
_______________________________________________<br>
specs mailing list<br>
<a href="mailto:specs@lists.openid.net" target="_blank">specs@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs" rel="noreferrer" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs</a><br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr"><div dir="ltr"><div><div dir="ltr"><div style="font-size:small"><div dir="ltr"><font face="georgia, serif">Regards,</font><div><div><font face="georgia, serif"><b>Darshana Gunawardana</b></font></div></div></div><div dir="ltr"><font color="#333333" face="georgia, serif"><a href="https://www.linkedin.com/in/darshana-gunawardana-a23b6037/" target="_blank">https://www.linkedin.com/in/darshana-gunawardana-a23b6037/</a></font></div></div></div></div></div></div>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div style="color:rgb(0,0,0);font-family:"Helvetica Neue","Segoe UI",Helvetica,Arial,"Lucida Grande",sans-serif;font-size:13px"><b>Piraveena Paralogarajah</b></div><div style="color:rgb(0,0,0);font-family:"Helvetica Neue","Segoe UI",Helvetica,Arial,"Lucida Grande",sans-serif;font-size:13px"><br></div><div style="color:rgb(0,0,0);font-family:"Helvetica Neue","Segoe UI",Helvetica,Arial,"Lucida Grande",sans-serif"><br></div><div style="color:rgb(0,0,0);font-family:"Helvetica Neue","Segoe UI",Helvetica,Arial,"Lucida Grande",sans-serif"><font size="1"><b>E-mail</b>: <a href="mailto:piraveena.14@cse.mrt.ac.lk" target="_blank">piraveena.14@cse.mrt.ac.lk</a></font></div><div style="color:rgb(0,0,0);font-family:"Helvetica Neue","Segoe UI",Helvetica,Arial,"Lucida Grande",sans-serif"><font size="1"><b>Blog:</b> <a href="https://medium.com/@piraveenaparalogarajah" target="_blank">https://medium.com/@piraveenaparalogarajah</a></font></div><div style="color:rgb(0,0,0);font-family:"Helvetica Neue","Segoe UI",Helvetica,Arial,"Lucida Grande",sans-serif"><font size="1"><b>LinkedIn</b>:<a href="https://www.linkedin.com/in/piraveena-paralogarajah" target="_blank"> https://www.linkedin.com/in/piraveena-paralogarajah</a></font></div><div style="color:rgb(0,0,0);font-family:"Helvetica Neue","Segoe UI",Helvetica,Arial,"Lucida Grande",sans-serif"><font size="1"><span></span><span></span><br></font></div></div></div></div></div></div></div></div></div>