[Openid-specs-ab] Issue #1017: Session management: RP-init logout: Proposal for optional ui_locales parameter (openid/connect)

Sergey Beryozkin sberyozkin at gmail.com
Tue May 30 10:08:59 UTC 2017


Hi Filip, and Thomas,

Thanks for the explanation, it helps, I don't recall seeing an OIDC 
(IDP) level dialogs, but I understand now why it may be needed...

Cheers, Sergey
On 29/05/17 17:51, Filip Skokan wrote:
> It is not uncommon that OP asks the user to confirm the RP initiated 
> logout if the request is missing an id_token_hint, i assume the locale 
> is meant for this confirmation. There are several mentions of an OP 
> confirmation prompt in Session Management
> 
> [1] in section 5: "At the logout endpoint, the OP SHOULD ask the 
> End-User whether he wants to log out of the OP as well. If the End-User 
> says "yes", then the OP MUST log out the End-User."
> [2] in section 8: "Logout requests without a valid id_token_hint value 
> are a potential means of denial of service; therefore, OPs may want to 
> require explicit user confirmation before acting upon them."
> 
> Best,
> *Filip*
> 
> On Mon, May 29, 2017 at 6:22 PM, Sergey Beryozkin via Openid-specs-ab 
> <openid-specs-ab at lists.openid.net 
> <mailto:openid-specs-ab at lists.openid.net>> wrote:
> 
>     Hi Vladimir
> 
>     We've only prototyped the code around the RP-initiated logout spec
>     text, hence the question, in this flow, it is actually the
>     RP-controlled endpoint that has the user being redirected to it,
>     once OIDC completes this RP-initiated logout request, and this RP
>     endpoint will display the message.
>     So is it something that it is not that OIDC can control, which
>     Locale to use ?
>     I may've missed something with respect to how this flow actually
>     works though...
> 
>     Thanks, Sergey
> 
> 
>     On 29/05/17 16:28, Vladimir Dzhuvinov via Openid-specs-ab wrote:
> 
>         New issue 1017: Session management: RP-init logout: Proposal for
>         optional ui_locales parameter
>         https://bitbucket.org/openid/connect/issues/1017/session-management-rp-init-logout-proposal
>         <https://bitbucket.org/openid/connect/issues/1017/session-management-rp-init-logout-proposal>
> 
>         Vladimir Dzhuvinov:
> 
>         At the end-session endpoint the end-user typically needs be
>         presented with a confirmation dialog. For that reason I would
>         like to propose a new optional parameter for the RP-initiated
>         logout request -- "ui_locales", identical to the one already
>         available for OpenID authentication requests.
> 
>         We can reuse the description in Core for that:
> 
>             ui_locales
>                  OPTIONAL. End-User's preferred languages and scripts
>             for the user interface, represented as a space-separated
>             list of BCP47 [RFC5646] language tag values, ordered by
>             preference. For instance, the value "fr-CA fr en" represents
>             a preference for French as spoken in Canada, then French
>             (without a region designation), followed by English (without
>             a region designation). An error SHOULD NOT result if some or
>             all of the requested locales are not supported by the OpenID
>             Provider.
> 
> 
> 
>         _______________________________________________
>         Openid-specs-ab mailing list
>         Openid-specs-ab at lists.openid.net
>         <mailto:Openid-specs-ab at lists.openid.net>
>         http://lists.openid.net/mailman/listinfo/openid-specs-ab
>         <http://lists.openid.net/mailman/listinfo/openid-specs-ab>
> 
> 
>     _______________________________________________
>     Openid-specs-ab mailing list
>     Openid-specs-ab at lists.openid.net
>     <mailto:Openid-specs-ab at lists.openid.net>
>     http://lists.openid.net/mailman/listinfo/openid-specs-ab
>     <http://lists.openid.net/mailman/listinfo/openid-specs-ab>
> 
> 


More information about the Openid-specs-ab mailing list