Insufficient validation of post_logout_redirect_uri
Issue #13
new
In the OP's handle_end_session function, the post_logout_redirect_uri is not validated. The RFC mentions the following:

"The value MUST have been previously registered with the OP, either using the post_logout_redirect_uris Registration parameter or via another mechanism."
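
Added example, not part of the original report and not the project's own code: one way an end-session handler can enforce the registration requirement quoted above, using an exact string match against the client's registered post_logout_redirect_uris. The registry contents, the function names and the assumption that the caller has already identified the client are hypothetical.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample registry (assumption): client_id -> registration data.
REGISTERED_CLIENTS = {
    "client-a": {"post_logout_redirect_uris": ["https://rp.example/logged-out"]},
    "client-b": {},  # registered no post-logout redirect URIs
}


class EndSessionError(Exception):
    """The end-session request must not result in a redirect."""


def validate_post_logout_redirect_uri(client_id, uri, registry=REGISTERED_CLIENTS):
    """Return uri only if it is exactly one of the values registered for client_id."""
    client = registry.get(client_id)
    if client is None:
        raise EndSessionError("unknown client")
    if not isinstance(uri, str) or not uri:
        raise EndSessionError("missing post_logout_redirect_uri")
    # Exact comparison only: prefix, substring or host-only matching would
    # accept URIs that were never registered.
    if uri not in client.get("post_logout_redirect_uris", []):
        raise EndSessionError("post_logout_redirect_uri not registered")
    return uri


def end_session_redirect(client_id, uri=None, state=None, registry=REGISTERED_CLIENTS):
    """Return the redirect target, or None when the OP should show its own page.

    client_id is assumed to have been established by the caller before this
    function runs; an unregistered URI raises instead of falling back silently.
    """
    if uri is None:
        return None  # no redirect requested: nothing to validate
    target = validate_post_logout_redirect_uri(client_id, uri, registry)
    if state is None:
        return target
    # Append state to the already validated URI, keeping any registered query.
    parts = urlsplit(target)
    query = parse_qsl(parts.query, keep_blank_values=True) + [("state", state)]
    return urlunsplit(parts._replace(query=urlencode(query)))
```

The handler should treat EndSessionError as "do not redirect" and render an error or a local logged-out page instead.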