[Openid-specs-ab] Issue #1134: Clarify that OPs must send a logout notification to the RP that requested RP-Initiated Logout (openid/connect)
issues-reply at bitbucket.org
Thu Dec 5 14:58:07 UTC 2019
New issue 1134: Clarify that OPs must send a logout notification to the RP that requested RP-Initiated Logout
When an RP sends an RP-Initiated Logout message to the OP, the OP MUST still request that that RP log out if it believes that it was logged in. \(This notification can happen via Session Management, Front-Channel, or Back-Channel.\)
This means that the RP need not clear its logged-in state before sending the RP-Initiated Logout message \(although it is also free to do so\).
This issue resulted from the discussion at [https://github.com/openid-certification/oidctest/issues/205](https://github.com/openid-certification/oidctest/issues/205).
Responsible: Michael Jones
More information about the Openid-specs-ab