[Openid-specs-ab] Possible state parameter for RP-initiated logout
John Bradley
ve7jtb at ve7jtb.com
Wed Jul 2 14:20:37 UTC 2014
PS I do agree that the logout call should have a Client generated state parameter that is opaque to the IdP and returned in the response.
However that is not the state Mike was asking about as I understood the question.
On Jul 1, 2014, at 8:35 AM, Thomas Broyer <t.broyer at gmail.com> wrote:
> That makes sense. Particularly given that all post_logout_redirect_uri should be pre-registered and are compared byte-for-byte, leaving no place to, e.g., add query-string arguments to customize the behavior upon redirection. So yes, there should be a 'state' parameter.
>
> I'm going to add it to our implementation ASAP.
>
>
> On Tue, Jul 1, 2014 at 2:31 AM, Mike Jones <Michael.Jones at microsoft.com> wrote:
> Some Microsoft product people have requested an optional “state” parameter for RP-initiated logout requests. Like the OAuth “state” parameter this would be passed to the end_session_endpoint as an optional query parameter, and if present, would be passed back with the same value to the post_logout_redirect_uri endpoint.
>
>
>
> What do people think of this proposal?
>
>
>
> RP-initiated logout is defined at http://openid.net/specs/openid-connect-session-1_0.html#RPLogout.
>
>
>
> -- Mike
>
>
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>
>
>
> --
> Thomas Broyer
> /tɔ.ma.bʁwa.je/
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20140702/219f44bc/attachment.html>
More information about the Openid-specs-ab
mailing list