OpenID Connect Back-Channel Logout 1.0: Explicit typing of the logout token?

Issue #1468 resolved
Vladimir Dzhuvinov created an issue

The current 06 draft doesn’t specify whether the logout token may be or is required to be explicitly typed, according to the referenced SET RFC 8417.

Comments (3)

  1. Michael Jones

    I would propose that register the media type “application/logout+jwt“ for this purpose and makes its use RECOMMENDED for Logout Tokens.

  2. Log in to comment