[Openid-specs-ab] Issue #1185: Mention of POST requests and SameSite cookie attributes (RP Initiated Logout) (openid/connect)
issues-reply at bitbucket.org
Fri Aug 21 17:18:59 UTC 2020
New issue 1185: Mention of POST requests and SameSite cookie attributes (RP Initiated Logout)
The RP Initiated Logout specification allows the RP to send a POST request to the OP's Logout Endpoint.
It is well known that this is associated with the SameSite attribute, so does the specification need to mention it?
Since specifications such as SessionManagement mention Third-Party Content, I think it's necessary in this specification as well.
More information about the Openid-specs-ab