[Openid-specs-ab] Issue #1133: Clarify that logout notifications to RPs are idempotent (openid/connect)
issues-reply at bitbucket.org
Thu Dec 5 14:53:38 UTC 2019
New issue 1133: Clarify that logout notifications to RPs are idempotent
For all three mechanisms that OPs can use to trigger logouts to RPs \(Session Management, Front-Channel, and Back-Channel\), clarify that logouts are to be treated as idempotent. In particular, if the OP triggers a logout at the RP and the RP is already logged out, this is to be treated as a success and not an error.
This issue resulted from the discussion at [https://github.com/openid-certification/oidctest/issues/205](https://github.com/openid-certification/oidctest/issues/205).
Responsible: Michael Jones
More information about the Openid-specs-ab