Clarify that logout notifications to RPs are idempotent

Issue #1133 resolved
Michael Jones created an issue

For all three mechanisms that OPs can use to trigger logouts to RPs (Session Management, Front-Channel, and Back-Channel), clarify that logouts are to be treated as idempotent. In particular, if the OP triggers a logout at the RP and the RP is already logged out, this is to be treated as a success and not an error.

This issue resulted from the discussion at

Comments (2)

  1. Michael Jones reporter

    For Back-Channel, if you’re already logged out and asked to log out, you should return 200 success.

  2. Log in to comment