[Openid-specs-ab] Spec Call Notes 27-Aug-20
panva.ip at gmail.com
Thu Aug 27 18:35:41 UTC 2020
> Post-logout redirection should only happen to RPs that have recently been logged in and to registered post_logout_redirect_uri values
Where do we state such requirement or sentiment? If we’ll be adding hints that are carried by an id token that a client didn’t keep we should accomodate all use cases, that includes making sure post logout redirection is actionable. There’s an end user prompt involved anyway so what’s the harm?
Odesláno z iPhonu
> 27. 8. 2020 v 20:14, Mike Jones via Openid-specs-ab <openid-specs-ab at lists.openid.net>:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-ab