[Openid-specs-ab] post_logout_redirect_uri

Filip Skokan panva.ip at gmail.com
Thu Nov 15 08:33:47 UTC 2018


Which they can do with claimed https uris, but still, i've gotten that
feedback from implementers where they expected a custom scheme uri to be
allowed.

S pozdravem,
*Filip Skokan*


On Thu, Nov 15, 2018 at 9:32 AM Filip Skokan <panva.ip at gmail.com> wrote:

> Some people may want to redirect back to a native app too.
>
> Best,
> *Filip*
>
>
> On Thu, Nov 15, 2018 at 2:10 AM John Bradley via Openid-specs-ab <
> openid-specs-ab at lists.openid.net> wrote:
>
>> I think it may be reasonable to allow a fragment in the post logout
>> redirect.   Some people will want to redirect back to a Single Page
>> App.   I need to think about it.
>>
>> On 11/14/2018 8:35 PM, Mike Jones via Openid-specs-ab wrote:
>> > I agree that this should follow the same pattern as the redirect_uri -
>> https, path permitted, query parameters permitted and preserved, fragment
>> not permitted.
>> >
>> > Filip Skokan also pointed out that there is likewise no description of
>> the syntax of initiate_login_uri.  My sense is that should also be the same.
>> >
>> > Other's thoughts?
>> >
>> >                               -- Mike
>> >
>> > -----Original Message-----
>> > From: Openid-specs-ab <openid-specs-ab-bounces at lists.openid.net> On
>> Behalf Of Roland Hedberg via Openid-specs-ab
>> > Sent: Wednesday, November 14, 2018 7:14 AM
>> > To: <openid-specs-ab at lists.openid.net> <
>> openid-specs-ab at lists.openid.net>
>> > Cc: Roland Hedberg <roland at catalogix.se>
>> > Subject: [Openid-specs-ab] post_logout_redirect_uri
>> >
>> > Hi!
>> >
>> > post_logout_redirect_uri are defined in
>> https://openid.net/specs/openid-connect-session-1_0.html
>> > and refreed to in
>> https://openid.net/specs/openid-connect-frontchannel-1_0.html.
>> >
>> > In neither of these documents are there any specification of what a
>> post_logout_redirect_uri is allowed to look like.
>> >
>> > backchannel_logout_uri in
>> https://openid.net/specs/openid-connect-backchannel-1_0.html is defined
>> as:
>> >
>> > ”The back-channel logout URI MUST be an absolute URI as defined by
>> Section 4.3 of [RFC3986].
>> > The back-channel logout URI MAY include an
>> application/x-www-form-urlencoded formatted query component, per Section
>> 3.4 of [RFC3986], which MUST be retained when adding additional query
>> parameters.
>> > The back-channel logout URI MUST NOT include a fragment component.”
>> >
>> > The same goes for frontchannel_logout_uri in
>> https://openid.net/specs/openid-connect-frontchannel-1_0.html
>> >
>> > I would expect the same rule to apply to post_logout_redirect_uri.
>> >
>> > -- Roland
>> > "Education is the path from cocky ignorance to miserable uncertainty.”
>> - Mark Twain
>> >
>> >
>> >
>> > _______________________________________________
>> > Openid-specs-ab mailing list
>> > Openid-specs-ab at lists.openid.net
>> > http://lists.openid.net/mailman/listinfo/openid-specs-ab
>> > _______________________________________________
>> > Openid-specs-ab mailing list
>> > Openid-specs-ab at lists.openid.net
>> > http://lists.openid.net/mailman/listinfo/openid-specs-ab
>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20181115/0f59bffb/attachment.html>


More information about the Openid-specs-ab mailing list