CheckSessionIFrame should send client_id

IdentityModel / oidc-client-js

OpenID Connect (OIDC) and OAuth2 protocol support for browser-based JavaScript applications

Apache License 2.0

2.43k stars 842 forks source link

CheckSessionIFrame should send client_id #678

Closed gondzo closed 6 years ago

gondzo commented 6 years ago

CheckSessionIFrame should contain the client_id query parameter in the frame url. This is required by some identity servers such as wso2is Current: https://:9443/oidc/checksession (raw url from the metadata endpoint) Expected: https://:9443/oidc/checksession?client_id=

Change should probably be implemented at https://github.com/IdentityModel/oidc-client-js/blob/5af4d707e7330c39997f16aa02983836c883d960/src/CheckSessionIFrame.js#L28

brockallen commented 6 years ago

That's not covered in the spec: https://openid.net/specs/openid-connect-session-1_0.html#ChangeNotification