<div id="__MailbirdStyleContent" style="font-size: 10pt;font-family: Lucida Console;color: #000000">
So is state passed via fragment or query in that case?<br><div><br></div><div class="mb_sig"><span style="font-family: Lucida Console">-Brock</span><div><br></div></div><blockquote class="history_container" type="cite" style="border-left-style:solid;border-width:1px; margin-top:20px; margin-left:0px;padding-left:10px;">
<p style="color: #AAAAAA; margin-top: 10px;">On 11/14/2018 8:10:40 PM, John Bradley via Openid-specs-ab <openid-specs-ab@lists.openid.net> wrote:</p><div style="font-family:Arial,Helvetica,sans-serif">I think it may be reasonable to allow a fragment in the post logout <br>redirect. Some people will want to redirect back to a Single Page <br>App. I need to think about it.<br><br>On 11/14/2018 8:35 PM, Mike Jones via Openid-specs-ab wrote:<br>> I agree that this should follow the same pattern as the redirect_uri - https, path permitted, query parameters permitted and preserved, fragment not permitted.<br>> <br>> Filip Skokan also pointed out that there is likewise no description of the syntax of initiate_login_uri. My sense is that should also be the same.<br>><br>> Other's thoughts?<br>><br>> -- Mike<br>><br>> -----Original Message-----<br>> From: Openid-specs-ab <openid-specs-ab-bounces@lists.openid.net> On Behalf Of Roland Hedberg via Openid-specs-ab<br>> Sent: Wednesday, November 14, 2018 7:14 AM<br>> To: <openid-specs-ab@lists.openid.net> <openid-specs-ab@lists.openid.net><br>> Cc: Roland Hedberg <roland@catalogix.se><br>> Subject: [Openid-specs-ab] post_logout_redirect_uri<br>><br>> Hi!<br>><br>> post_logout_redirect_uri are defined in https://openid.net/specs/openid-connect-session-1_0.html<br>> and refreed to in https://openid.net/specs/openid-connect-frontchannel-1_0.html.<br>><br>> In neither of these documents are there any specification of what a post_logout_redirect_uri is allowed to look like.<br>><br>> backchannel_logout_uri in https://openid.net/specs/openid-connect-backchannel-1_0.html is defined as:<br>><br>> ”The back-channel logout URI MUST be an absolute URI as defined by Section 4.3 of [RFC3986].<br>> The back-channel logout URI MAY include an application/x-www-form-urlencoded formatted query component, per Section 3.4 of [RFC3986], which MUST be retained when adding additional query parameters.<br>> The back-channel logout URI MUST NOT include a fragment component.”<br>><br>> The same goes for frontchannel_logout_uri in https://openid.net/specs/openid-connect-frontchannel-1_0.html<br>><br>> I would expect the same rule to apply to post_logout_redirect_uri.<br>><br>> -- Roland<br>> "Education is the path from cocky ignorance to miserable uncertainty.” - Mark Twain<br>><br>><br>><br>> _______________________________________________<br>> Openid-specs-ab mailing list<br>> Openid-specs-ab@lists.openid.net<br>> http://lists.openid.net/mailman/listinfo/openid-specs-ab<br>> _______________________________________________<br>> Openid-specs-ab mailing list<br>> Openid-specs-ab@lists.openid.net<br>> http://lists.openid.net/mailman/listinfo/openid-specs-ab<br>_______________________________________________<br>Openid-specs-ab mailing list<br>Openid-specs-ab@lists.openid.net<br>http://lists.openid.net/mailman/listinfo/openid-specs-ab<br></roland@catalogix.se></openid-specs-ab@lists.openid.net></openid-specs-ab@lists.openid.net></openid-specs-ab-bounces@lists.openid.net></div></blockquote>
</div>