[Openid-specs-ab] Issue #1185: Mention of POST requests and SameSite cookie attributes (RP Initiated Logout) (openid/connect)

ritou issues-reply at bitbucket.org
Fri Aug 21 17:18:59 UTC 2020


New issue 1185: Mention of POST requests and SameSite cookie attributes (RP Initiated Logout)
https://bitbucket.org/openid/connect/issues/1185/mention-of-post-requests-and-samesite

Ryo Ito:

The RP Initiated Logout specification allows the RP to send a POST request to the OP's Logout Endpoint.  
It is well known that this is associated with the SameSite attribute, so does the specification need to mention it?  
  
Since specifications such as SessionManagement mention Third-Party Content, I think it's necessary in this specification as well.




More information about the Openid-specs-ab mailing list