[Openid-specs-ab] post_logout_redirect_uri

Joseph Heenan joseph at authlete.com
Thu Nov 15 10:41:21 UTC 2018


Claimed https is only supported on iOS and Android as far as I know. So custom schemes is one of the solutions for native apps on WinPhone, Windows, macOS, linux desktops, tizen, etc.

That said, if any of the feedback about custom schemes is from iOS/Android people it’d be interesting to know why.

Cheers,

Joseph


> On 15 Nov 2018, at 08:33, Filip Skokan via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:
> 
> Which they can do with claimed https uris, but still, i've gotten that feedback from implementers where they expected a custom scheme uri to be allowed.
> 
> S pozdravem,
> Filip Skokan
> 
> 
> On Thu, Nov 15, 2018 at 9:32 AM Filip Skokan <panva.ip at gmail.com <mailto:panva.ip at gmail.com>> wrote:
> Some people may want to redirect back to a native app too.
> 
> Best,
> Filip
> 
> 
> On Thu, Nov 15, 2018 at 2:10 AM John Bradley via Openid-specs-ab <openid-specs-ab at lists.openid.net <mailto:openid-specs-ab at lists.openid.net>> wrote:
> I think it may be reasonable to allow a fragment in the post logout 
> redirect.   Some people will want to redirect back to a Single Page 
> App.   I need to think about it.
> 
> On 11/14/2018 8:35 PM, Mike Jones via Openid-specs-ab wrote:
> > I agree that this should follow the same pattern as the redirect_uri - https, path permitted, query parameters permitted and preserved, fragment not permitted.
> >   
> > Filip Skokan also pointed out that there is likewise no description of the syntax of initiate_login_uri.  My sense is that should also be the same.
> >
> > Other's thoughts?
> >
> >                               -- Mike
> >
> > -----Original Message-----
> > From: Openid-specs-ab <openid-specs-ab-bounces at lists.openid.net <mailto:openid-specs-ab-bounces at lists.openid.net>> On Behalf Of Roland Hedberg via Openid-specs-ab
> > Sent: Wednesday, November 14, 2018 7:14 AM
> > To: <openid-specs-ab at lists.openid.net <mailto:openid-specs-ab at lists.openid.net>> <openid-specs-ab at lists.openid.net <mailto:openid-specs-ab at lists.openid.net>>
> > Cc: Roland Hedberg <roland at catalogix.se <mailto:roland at catalogix.se>>
> > Subject: [Openid-specs-ab] post_logout_redirect_uri
> >
> > Hi!
> >
> > post_logout_redirect_uri are defined in https://openid.net/specs/openid-connect-session-1_0.html <https://openid.net/specs/openid-connect-session-1_0.html>
> > and refreed to in https://openid.net/specs/openid-connect-frontchannel-1_0.html <https://openid.net/specs/openid-connect-frontchannel-1_0.html>.
> >
> > In neither of these documents are there any specification of what a post_logout_redirect_uri is allowed to look like.
> >
> > backchannel_logout_uri in https://openid.net/specs/openid-connect-backchannel-1_0.html <https://openid.net/specs/openid-connect-backchannel-1_0.html> is defined as:
> >
> > ”The back-channel logout URI MUST be an absolute URI as defined by Section 4.3 of [RFC3986].
> > The back-channel logout URI MAY include an application/x-www-form-urlencoded formatted query component, per Section 3.4 of [RFC3986], which MUST be retained when adding additional query parameters.
> > The back-channel logout URI MUST NOT include a fragment component.”
> >
> > The same goes for frontchannel_logout_uri in https://openid.net/specs/openid-connect-frontchannel-1_0.html <https://openid.net/specs/openid-connect-frontchannel-1_0.html>
> >
> > I would expect the same rule to apply to post_logout_redirect_uri.
> >
> > -- Roland
> > "Education is the path from cocky ignorance to miserable uncertainty.” - Mark Twain
> >
> >
> >
> > _______________________________________________
> > Openid-specs-ab mailing list
> > Openid-specs-ab at lists.openid.net <mailto:Openid-specs-ab at lists.openid.net>
> > http://lists.openid.net/mailman/listinfo/openid-specs-ab <http://lists.openid.net/mailman/listinfo/openid-specs-ab>
> > _______________________________________________
> > Openid-specs-ab mailing list
> > Openid-specs-ab at lists.openid.net <mailto:Openid-specs-ab at lists.openid.net>
> > http://lists.openid.net/mailman/listinfo/openid-specs-ab <http://lists.openid.net/mailman/listinfo/openid-specs-ab>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net <mailto:Openid-specs-ab at lists.openid.net>
> http://lists.openid.net/mailman/listinfo/openid-specs-ab <http://lists.openid.net/mailman/listinfo/openid-specs-ab>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20181115/ecca0aa5/attachment.html>


More information about the Openid-specs-ab mailing list