[Openid-specs-ab] Spec Call Notes 27-Aug-20

Filip Skokan panva.ip at gmail.com
Thu Aug 27 18:35:41 UTC 2020

> Post-logout redirection should only happen to RPs that have recently been logged in and to registered post_logout_redirect_uri values

Where do we state such requirement or sentiment? If we’ll be adding hints that are carried by an id token that a client didn’t keep we should accomodate all use cases, that includes making sure post logout redirection is actionable. There’s an end user prompt involved anyway so what’s the harm?

Odesláno z iPhonu

> 27. 8. 2020 v 20:14, Mike Jones via Openid-specs-ab <openid-specs-ab at lists.openid.net>:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20200827/db63208b/attachment.html>

More information about the Openid-specs-ab mailing list