PEOFIAMP / phpOIDC / issues / #13 - Insufficient validation of post_logout_redirect_uri — Bitbucket

Issue #13 new

melonattacker created an issue 2023-03-15

In the OP's handle_end_session function, the post_logout_redirect_uri is not validated. The RFC mentions the following

The value MUST have been previously registered with the OP, either using the post_logout_redirect_uris Registration parameter or via another mechanism.

‌

Comments (1)

melonattacker reporter
- edited description
- 2023-03-15T12:47:14+00:00
Log in to comment

Assignee: –

Type: bug

Priority: minor

Status: new

Votes: 0

Watchers: 1

Jira: the preferred issue tracker for Bitbucket. Join the team!