JanssenProject / jans

An open source enterprise digital identity platform for CIAM or workforce... Janssen is a distribution of standards-based, developer friendly, components that are engineered to work together in any cloud. #OAuth #OpenID #FIDO
https://docs.jans.io
Apache License 2.0

Logout - RP-Initiated - User Confirmation page (optional, not required by conformance tests) #363

Open martynaslawinska opened 3 years ago

martynaslawinska commented 3 years ago

miltonbo commented on Feb 28, 2020

Issue

According to the documentation we SHOULD add a step in the logout endpoint when it is RP-Initiated. That step is to ask the user whether he wants to log out.

Documentation https://openid.net/specs/openid-connect-session-1_0.html

At the logout endpoint, the OP SHOULD ask the End-User whether he wants to log out of the OP as well. If the End-User says "yes", then the OP MUST log out the End-User.

SHOULD clarification: According to the RFC documentation, the word SHOULD is the adjective "RECOMMENDED", meaning that there may exist valid reasons in particular circumstances to ignore a particular item, but the full implications must be understood and carefully weighed before choosing a different course.
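
An added sketch of the confirmation step this issue asks for, not Janssen code and not part of the issue: the logout endpoint first asks the End-User and ends the OP session only on an explicit "yes". The handler name `end_session`, the in-memory `SESSIONS` store and the session-bound HMAC confirmation token are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret known only to the OP
SESSIONS = {"sid-123": "alice"}       # constructed sample store: session id -> user


def confirm_token(sid: str) -> str:
    """Token bound to one OP session, so a 'yes' cannot be reused for another session."""
    msg = b"logout-confirm:" + sid.encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def end_session(sid, method="GET", form=None):
    """Hypothetical logout endpoint handler; returns (action, detail)."""
    form = form or {}
    if sid not in SESSIONS:
        return ("no_session", None)
    if method == "GET":
        # The RP-initiated request arrives: do not log out yet, ask the End-User.
        return ("show_confirmation", {"token": confirm_token(sid)})
    # POST from the confirmation page: accept only the token issued for this session.
    supplied = form.get("token", "").encode()
    if not hmac.compare_digest(supplied, confirm_token(sid).encode()):
        return ("rejected", None)
    if form.get("answer") != "yes":
        return ("session_kept", None)  # End-User declined: the OP session stays
    del SESSIONS[sid]                  # End-User said "yes": the OP MUST log out
    return ("logged_out", None)


if __name__ == "__main__":
    action, detail = end_session("sid-123")
    print(action)  # confirmation page is shown, session still active
    print(end_session("sid-123", "POST", {"answer": "yes", "token": detail["token"]}))
```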

Milton-Ch commented 2 years ago

nynymike commented on Feb 28, 2020

I agree that we can wait... let's hear from customers that they want this feature.