[Openid-specs-ab] Issue #1017: Session management: RP-init logout: Proposal for optional ui_locales parameter (openid/connect)

Thomas Broyer t.broyer at gmail.com
Mon May 29 16:58:36 UTC 2017


On Mon, May 29, 2017 at 6:22 PM Sergey Beryozkin via Openid-specs-ab <
openid-specs-ab at lists.openid.net> wrote:

> Hi Vladimir
>
> We've only prototyped the code around the RP-initiated logout spec text,
> hence the question, in this flow, it is actually the RP-controlled
> endpoint that has the user being redirected to it, once OIDC completes
> this RP-initiated logout request, and this RP endpoint will display the
> message.
> So is it something that it is not that OIDC can control, which Locale to
> use ?
>

I believe many OPs will present a screen asking the user whether he really
wants to logout from the OP (the spec [1] says “At the logout endpoint, the
OP SHOULD ask the End-User whether he wants to log out of the OP as well.”).
Also, the post_logout_redirect_uri is optional.

In Ozwillo [2] for instance, we list on that page all the RPs the user has
a valid access token issued to, so he knows what he logs out of. In our
case, we wouldn't use ui_locales though: if the user is signed in, we use
his profile's locale, and otherwise we redirect him either to the
post_logout_redirect_uri (if specified and valid) or to our homepage (which
currently doesn't support any equivalent to ui_locales, but we could use
the expected user's profile locale too). ui_locales would then only be
useful if no id_token_hint is provided *and* the user is not signed in.

[1] https://openid.net/specs/openid-connect-session-1_0.html#RPLogout
[2]
https://github.com/ozwillo/ozwillo-kernel/blob/master/oasis-webapp/src/main/java/oasis/web/authn/LogoutPage.java
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20170529/f98f67ec/attachment.html>


More information about the Openid-specs-ab mailing list