[Openid-specs-ab] post_logout_redirect_uri

Filip Skokan panva.ip at gmail.com
Thu Nov 15 08:32:43 UTC 2018


Some people may want to redirect back to a native app too.

Best,
*Filip*


On Thu, Nov 15, 2018 at 2:10 AM John Bradley via Openid-specs-ab <
openid-specs-ab at lists.openid.net> wrote:

> I think it may be reasonable to allow a fragment in the post logout
> redirect.   Some people will want to redirect back to a Single Page
> App.   I need to think about it.
>
> On 11/14/2018 8:35 PM, Mike Jones via Openid-specs-ab wrote:
> > I agree that this should follow the same pattern as the redirect_uri -
> https, path permitted, query parameters permitted and preserved, fragment
> not permitted.
> >
> > Filip Skokan also pointed out that there is likewise no description of
> the syntax of initiate_login_uri.  My sense is that should also be the same.
> >
> > Other's thoughts?
> >
> >                               -- Mike
> >
> > -----Original Message-----
> > From: Openid-specs-ab <openid-specs-ab-bounces at lists.openid.net> On
> Behalf Of Roland Hedberg via Openid-specs-ab
> > Sent: Wednesday, November 14, 2018 7:14 AM
> > To: <openid-specs-ab at lists.openid.net> <openid-specs-ab at lists.openid.net
> >
> > Cc: Roland Hedberg <roland at catalogix.se>
> > Subject: [Openid-specs-ab] post_logout_redirect_uri
> >
> > Hi!
> >
> > post_logout_redirect_uri are defined in
> https://openid.net/specs/openid-connect-session-1_0.html
> > and refreed to in
> https://openid.net/specs/openid-connect-frontchannel-1_0.html.
> >
> > In neither of these documents are there any specification of what a
> post_logout_redirect_uri is allowed to look like.
> >
> > backchannel_logout_uri in
> https://openid.net/specs/openid-connect-backchannel-1_0.html is defined
> as:
> >
> > ”The back-channel logout URI MUST be an absolute URI as defined by
> Section 4.3 of [RFC3986].
> > The back-channel logout URI MAY include an
> application/x-www-form-urlencoded formatted query component, per Section
> 3.4 of [RFC3986], which MUST be retained when adding additional query
> parameters.
> > The back-channel logout URI MUST NOT include a fragment component.”
> >
> > The same goes for frontchannel_logout_uri in
> https://openid.net/specs/openid-connect-frontchannel-1_0.html
> >
> > I would expect the same rule to apply to post_logout_redirect_uri.
> >
> > -- Roland
> > "Education is the path from cocky ignorance to miserable uncertainty.” -
> Mark Twain
> >
> >
> >
> > _______________________________________________
> > Openid-specs-ab mailing list
> > Openid-specs-ab at lists.openid.net
> > http://lists.openid.net/mailman/listinfo/openid-specs-ab
> > _______________________________________________
> > Openid-specs-ab mailing list
> > Openid-specs-ab at lists.openid.net
> > http://lists.openid.net/mailman/listinfo/openid-specs-ab
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20181115/b91ed5f1/attachment.html>


More information about the Openid-specs-ab mailing list