Clarify that logout notifications to RPs are idempotent
Issue #1133
resolved
For all three mechanisms that OPs can use to trigger logouts to RPs (Session Management, Front-Channel, and Back-Channel), clarify that logouts are to be treated as idempotent. In particular, if the OP triggers a logout at the RP and the RP is already logged out, this is to be treated as a success and not an error.
This issue resulted from the discussion at https://github.com/openid-certification/oidctest/issues/205.
Comments (2)
-
reporter -
reporter - changed status to resolved
Fixed
#1133- Clarify that logout notifications to RPs are idempotent→ <<cset cad80d41bce8>>
- Log in to comment
For Back-Channel, if you’re already logged out and asked to log out, you should return 200 success.