Discovery - 3.2 Add OP's Iframe URL and logout endpoint for session management

Issue #640 resolved
Edmund Jay created an issue

The session management spec mentions using the OP's iframe URL and logout endpoint but there is no concrete writeup for these parameters in the session management or discovery spec.

Comments (4)

  1. Edmund Jay reporter

    I think we can add the following to the discovery spec:

    check_session_endpoint string The URL for an OP iframe that provides a page that provides cross-origin communications for session state information with the RP client, using the HTML5 postMessage API.

    end_session_endpoint string URL of the OP's endpoint that initiates the user logout.

    These parameter names can then be referenced in the Session spec.

  2. Michael Jones

    The OP page is meant to be run inside in an invisible iframe in the OP's security context (so that it is in the same JavaScript origin, giving it access to the cookies, etc.) - but isn't an iframe itself.

  3. Log in to comment