[Openid-specs-ab] Issue #1183: Handling errors during OpenID Connect RP-Initiated Logout (openid/connect)

Mitar issues-reply at bitbucket.org
Sun Aug 16 04:30:08 UTC 2020


New issue 1183: Handling errors during OpenID Connect RP-Initiated Logout
https://bitbucket.org/openid/connect/issues/1183/handling-errors-during-openid-connect-rp

Mitar:

I have attempted to implement the updated OpenID Connect RP-Initiated Logout spec, but I am realizing it is underspecified about what happens on errors. For example, there are requirements that the RP has to provide `id_token_hint` together with the `post_logout_redirect_uri`, but what if that is not so? How is the error reported to the RP? Redirect and put the error in the query string? Return JSON with the error? What if the error is of an internal nature, like a database access error while the OP tried to log out the user on its side? How to communicate back that the RP should retry at a later time? Which errors should be shown to the user and which errors should be returned to the RP? What if returning to the RP is not possible because the redirect URI is not known?




