[Openid-specs-ab] Issue #842: Session 5.1 - Make post_logout_redirect_uri treatment more parallel to redirect_uri (openid/connect)
Michael.Jones at microsoft.com
Fri May 31 17:05:36 UTC 2013
I would not have proposed this if no one else had proposed changes to the possible Implementer's Draft versions posted yesterday, but given that Nat has "broken the glass", I believe we should do this change now. It's painless now, but would be an incompatible change later. And it's motivated by a real use case.
I will make this change as part of the final edits unless I hear any objections today.
From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Michael Jones
Sent: Friday, May 31, 2013 10:03 AM
To: openid-specs-ab at lists.openid.net
Subject: [Openid-specs-ab] Issue #842: Session 5.1 - Make post_logout_redirect_uri treatment more parallel to redirect_uri (openid/connect)
New issue 842: Session 5.1 - Make post_logout_redirect_uri treatment more parallel to redirect_uri https://bitbucket.org/openid/connect/issue/842/session-51-make-post_logout_redirect_uri
Currently, multiple redirect_uri values can be pre-registered, but only one post_logout_redirect_uri. Also, currently the redirect_uri value to be used must be explicitly passed to the OP, but the OP is expected to implicitly look up the registered post_logout_redirect_uri value and use it.
I am aware of a use case in which multiple post_logout_redirect_uri values are necessary. The RP is willing to pass the value to be used as an explicit parameter. I'll note that passing an explicit parameter would also be aligned with what WS-Federation does.
I propose that we change the post_logout_redirect_uri behavior to be parallel with that of redirect_uri in the manner described above. If a post_logout_redirect_uri is not passed by the RP to the OP at logout time, the OP would not perform any redirection, and would retain control of the browser session.
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net
More information about the Openid-specs-ab