[Openid-specs-ab] Issue #1133: Clarify that logout notifications to RPs are idempotent (openid/connect)

mbj issues-reply at bitbucket.org
Thu Dec 5 14:53:38 UTC 2019


New issue 1133: Clarify that logout notifications to RPs are idempotent
https://bitbucket.org/openid/connect/issues/1133/clarify-that-logout-notifications-to-rps

Michael Jones:

For all three mechanisms that OPs can use to trigger logouts to RPs \(Session Management, Front-Channel, and Back-Channel\), clarify that logouts are to be treated as idempotent.  In particular, if the OP triggers a logout at the RP and the RP is already logged out, this is to be treated as a success and not an error.

This issue resulted from the discussion at [https://github.com/openid-certification/oidctest/issues/205](https://github.com/openid-certification/oidctest/issues/205).

Responsible: Michael Jones


More information about the Openid-specs-ab mailing list