[Openid-specs-ab] Issue #1017: Session management: RP-init logout: Proposal for optional ui_locales parameter (openid/connect)
t.broyer at gmail.com
Mon May 29 16:58:36 UTC 2017
On Mon, May 29, 2017 at 6:22 PM Sergey Beryozkin via Openid-specs-ab <
openid-specs-ab at lists.openid.net> wrote:
> Hi Vladimir
> We've only prototyped the code around the RP-initiated logout spec text,
> hence the question, in this flow, it is actually the RP-controlled
> endpoint that has the user being redirected to it, once OIDC completes
> this RP-initiated logout request, and this RP endpoint will display the
> So is it something that it is not that OIDC can control, which Locale to
> use?
I believe many OPs will present a screen asking the user whether he really
wants to log out from the OP (the spec says “At the logout endpoint, the
OP SHOULD ask the End-User whether he wants to log out of the OP as well.”).
Also, the post_logout_redirect_uri is optional.
In Ozwillo for instance, we list on that page all the RPs the user has
a valid access token issued to, so he knows what he logs out of. In our
case, we wouldn't use ui_locales though: if the user is signed in, we use
his profile's locale, and otherwise we redirect him either to the
post_logout_redirect_uri (if specified and valid) or to our homepage (which
currently doesn't support any equivalent to ui_locales, but we could use
the expected user's profile locale too). ui_locales would then only be
useful if no id_token_hint is provided *and* the user is not signed in.
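The decision flow described in the message above, as an added Python example (not part of the original post and not Ozwillo's code). The client registry, locale list, URLs and function names are constructed assumptions, the id_token_hint is assumed to have been signature-checked already, and the homepage fallback follows the "we could use" option from the message rather than current behaviour.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample configuration (assumptions, not Ozwillo's).
SUPPORTED_LOCALES = ("en", "fr", "it")
DEFAULT_LOCALE = "en"
OP_HOMEPAGE = "https://op.example/"
REGISTERED_POST_LOGOUT_URIS = {"rp1": {"https://rp1.example/loggedout"}}

@dataclass
class Hint:
    """Claims from an id_token_hint whose signature was already verified."""
    client_id: str                 # the token's audience
    user_locale: Optional[str]     # locale from that user's profile

@dataclass
class Decision:
    action: str                    # "confirm" or "redirect"
    locale: Optional[str]          # locale of an OP-rendered page, else None
    target: Optional[str]          # redirect target, else None

def pick_locale(ui_locales: Optional[str]) -> str:
    """First supported tag in a space-separated, preference-ordered list."""
    for tag in (ui_locales or "").lower().split():
        for candidate in (tag, tag.split("-")[0]):
            if candidate in SUPPORTED_LOCALES:
                return candidate
    return DEFAULT_LOCALE

def handle_logout(session_locale, hint, post_logout_redirect_uri, ui_locales):
    # Signed in: confirmation page in the profile locale; ui_locales unused.
    if session_locale is not None:
        return Decision("confirm", session_locale, None)
    # Not signed in: follow the redirect only on an exact match with a URI
    # registered for the client named in the hint (prevents open redirects).
    if hint is not None and post_logout_redirect_uri:
        allowed = REGISTERED_POST_LOGOUT_URIS.get(hint.client_id, set())
        if post_logout_redirect_uri in allowed:
            return Decision("redirect", None, post_logout_redirect_uri)
    # Homepage fallback: the hinted user's locale if known, else ui_locales.
    if hint is not None and hint.user_locale:
        return Decision("redirect", hint.user_locale, OP_HOMEPAGE)
    return Decision("redirect", pick_locale(ui_locales), OP_HOMEPAGE)
```

In this sketch `ui_locales` only influences the result in the last branch, which matches the message's conclusion that it matters only when no id_token_hint is provided and the user is not signed in.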