openid / connect / issues / #1133 - Clarify that logout notifications to RPs are idempotent — Bitbucket

Issue #1133 resolved

Michael Jones created an issue 2019-12-05

For all three mechanisms that OPs can use to trigger logouts to RPs (Session Management, Front-Channel, and Back-Channel), clarify that logouts are to be treated as idempotent. In particular, if the OP triggers a logout at the RP and the RP is already logged out, this is to be treated as a success and not an error.

This issue resulted from the discussion at https://github.com/openid-certification/oidctest/issues/205.

Comments (2)

Michael Jones reporter
For Back-Channel, if you’re already logged out and asked to log out, you should return 200 success.
- 2019-12-05T15:31:53+00:00
Michael Jones reporter
- changed status to resolved
Fixed ~~#1133~~ - Clarify that logout notifications to RPs are idempotent

→ <<cset cad80d41bce8>>
- 2020-08-04T01:09:00+00:00
Log in to comment

Assignee: Michael Jones

Type: enhancement

Priority: major

Status: resolved

Component: Logout

Milestone: Final

Version: –

Votes: 0

Watchers: 0

Jira: the preferred issue tracker for Bitbucket. Join the team!