-
assigned issue to
Discovery - 3.2 Add OP's Iframe URL and logout endpoint for session management
The session management spec mentions using the OP's iframe URL and logout endpoint but there is no concrete writeup for these parameters in the session management or discovery spec.
Comments (4)
-
-
reporter I think we can add the following to the discovery spec:
check_session_endpoint string The URL for an OP iframe that provides a page that provides cross-origin communications for session state information with the RP client, using the HTML5 postMessage API.
end_session_endpoint string URL of the OP's endpoint that initiates the user logout.
These parameter names can then be referenced in the Session spec.
-
The OP page is meant to be run inside in an invisible iframe in the OP's security context (so that it is in the same JavaScript origin, giving it access to the cookies, etc.) - but isn't an iframe itself.
-
reporter - changed status to resolved
fixes
#640: Discovery - 3.2 Add OP's Iframe URL and logout endpoint for session management - Log in to comment
Please come up with a concrete proposal > Edmund.