<div dir="ltr">It is not uncommon for the OP to ask the user to confirm the RP-initiated logout if the request is missing an id_token_hint; I assume the locale is meant for this confirmation. There are several mentions of an OP confirmation prompt in Session Management:<div><br>[1] in section 5: "At the logout endpoint, the OP SHOULD ask the End-User whether he wants to log out of the OP as well. If the End-User says "yes", then the OP MUST log out the End-User."</div><div>[2] in section 8: "Logout requests without a valid id_token_hint value are a potential means of denial of service; therefore, OPs may want to require explicit user confirmation before acting upon them."<div><br><div><div class="gmail_extra"><div><div class="gmail_signature">Best,<br><b>Filip</b></div></div>
<br><div class="gmail_quote">On Mon, May 29, 2017 at 6:22 PM, Sergey Beryozkin via Openid-specs-ab <span dir="ltr">&lt;<a href="mailto:openid-specs-ab@lists.openid.net" target="_blank">openid-specs-ab@lists.openid.net</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi Vladimir<br>
<br>
We've only prototyped the code around the RP-initiated logout spec text, hence the question. In this flow, it is actually the RP-controlled endpoint that the user is redirected to once OIDC completes this RP-initiated logout request, and this RP endpoint will display the message.<br>
So is it something that OIDC cannot control, which Locale to use?<br>
I may've missed something with respect to how this flow actually works though...<br>
<br>
Thanks, Sergey<div class="gmail-HOEnZb"><div class="gmail-h5"><br>
<br>
On 29/05/17 16:28, Vladimir Dzhuvinov via Openid-specs-ab wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
New issue 1017: Session management: RP-init logout: Proposal for optional ui_locales parameter<br>
<a href="https://bitbucket.org/openid/connect/issues/1017/session-management-rp-init-logout-proposal" rel="noreferrer" target="_blank">https://bitbucket.org/openid/c<wbr>onnect/issues/1017/session-man<wbr>agement-rp-init-logout-proposa<wbr>l</a><br>
<br>
Vladimir Dzhuvinov:<br>
<br>
At the end-session endpoint the end-user typically needs to be presented with a confirmation dialog. For that reason I would like to propose a new optional parameter for the RP-initiated logout request -- "ui_locales", identical to the one already available for OpenID authentication requests.<br>
<br>
We can reuse the description in Core for that:<br>
<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
ui_locales<br>
OPTIONAL. End-User's preferred languages and scripts for the user interface, represented as a space-separated list of BCP47 [RFC5646] language tag values, ordered by preference. For instance, the value "fr-CA fr en" represents a preference for French as spoken in Canada, then French (without a region designation), followed by English (without a region designation). An error SHOULD NOT result if some or all of the requested locales are not supported by the OpenID Provider.<br>
</blockquote>
<br>
<br>
______________________________<wbr>_________________<br>
Openid-specs-ab mailing list<br>
<a href="mailto:Openid-specs-ab@lists.openid.net" target="_blank">Openid-specs-ab@lists.openid.n<wbr>et</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" rel="noreferrer" target="_blank">http://lists.openid.net/mailma<wbr>n/listinfo/openid-specs-ab</a><br>
<br>
</blockquote>
<br>
</div></div></blockquote></div><br></div></div></div></div></div>
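<div>Added example, not part of the thread or of any OpenID implementation: one way an OP's end-session endpoint could combine the two points discussed above, choosing the confirmation dialog's language from the proposed ui_locales parameter and requiring confirmation when no valid id_token_hint is present. The function names, SUPPORTED_LOCALES, DEFAULT_LOCALE, the prefix fallback (fr-CA to fr) and the hint_is_valid callable are assumptions for illustration.</div>

```python
# Added example: OP-side handling of an RP-initiated logout request.
# All names below are hypothetical; they do not come from a real OP code base.
from urllib.parse import parse_qs

SUPPORTED_LOCALES = ("en", "fr", "de", "pt-BR")  # assumed OP translations
DEFAULT_LOCALE = "en"


def pick_locale(ui_locales, supported=SUPPORTED_LOCALES, default=DEFAULT_LOCALE):
    """Return the first supported locale for a space-separated BCP47 list.

    Unsupported or malformed tags are skipped and never raise, matching
    "An error SHOULD NOT result" in the quoted ui_locales description.
    """
    by_lower = {s.lower(): s for s in supported}
    for tag in (ui_locales or "").split():
        parts = tag.lower().split("-")
        # Try the full tag, then shorter prefixes (fr-CA falls back to fr).
        while parts:
            candidate = "-".join(parts)
            if candidate in by_lower:
                return by_lower[candidate]
            parts.pop()
    return default


def plan_logout(query_string, hint_is_valid):
    """Decide what the end-session endpoint shows for this request.

    hint_is_valid is a callable standing in for the OP's real ID Token
    validation (signature, issuer, session); it is not implemented here.
    """
    params = parse_qs(query_string, keep_blank_values=True)
    hint = params.get("id_token_hint", [""])[0]
    locale = pick_locale(params.get("ui_locales", [""])[0])
    # Without a valid hint the request could come from anyone, so the
    # End-User is asked before the OP session is terminated.
    confirm = not (hint and hint_is_valid(hint))
    return {"confirm": confirm, "locale": locale}


if __name__ == "__main__":
    # Constructed sample requests; the token value is a placeholder.
    accept_demo = lambda token: token == "valid-demo-token"
    print(plan_logout("ui_locales=fr-CA+fr+en", accept_demo))
    print(plan_logout("id_token_hint=valid-demo-token&ui_locales=xx", accept_demo))
```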