[Openid-specs-ab] Possible state parameter for RP-initiated logout
Thomas Broyer
t.broyer at gmail.com
Tue Jul 1 12:35:49 UTC 2014
That makes sense. Particularly given that all post_logout_redirect_uri
should be pre-registered and are compared byte-for-byte, leaving no place
to, e.g., add query-string arguments to customize the behavior upon
redirection. So yes, there should be a 'state' parameter.
I'm going to add it to our implementation ASAP.
On Tue, Jul 1, 2014 at 2:31 AM, Mike Jones <Michael.Jones at microsoft.com>
wrote:
> Some Microsoft product people have requested an optional “state”
> parameter for RP-initiated logout requests. Like the OAuth “state”
> parameter this would be passed to the end_session_endpoint as an optional
> query parameter, and if present, would be passed back with the same value
> to the post_logout_redirect_uri endpoint.
>
>
>
> What do people think of this proposal?
>
>
>
> RP-initiated logout is defined at
> http://openid.net/specs/openid-connect-session-1_0.html#RPLogout.
>
>
>
> -- Mike
>
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>
--
Thomas Broyer
/tɔ.ma.bʁwa.je/ <http://xn--nna.ma.xn--bwa-xxb.je/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20140701/4023ad72/attachment.html>
More information about the Openid-specs-ab
mailing list