[Openid-specs-ab] Issue #1134: Clarify that OPs must send a logout notification to the RP that requested RP-Initiated Logout (openid/connect)

mbj issues-reply at bitbucket.org
Thu Dec 5 14:58:07 UTC 2019


New issue 1134: Clarify that OPs must send a logout notification to the RP that requested RP-Initiated Logout
https://bitbucket.org/openid/connect/issues/1134/clarify-that-ops-must-send-a-logout

Michael Jones:

When an RP sends an RP-Initiated Logout message to the OP, the OP MUST still request that that RP log out if it believes that it was logged in.  \(This notification can happen via Session Management, Front-Channel, or Back-Channel.\)

This means that the RP need not clear its logged-in state before sending the RP-Initiated Logout message \(although it is also free to do so\).

This issue resulted from the discussion at [https://github.com/openid-certification/oidctest/issues/205](https://github.com/openid-certification/oidctest/issues/205).

Responsible: Michael Jones


More information about the Openid-specs-ab mailing list