openid / connect / issues / #640 - Discovery - 3.2 Add OP's Iframe URL and logout endpoint for session management

Issue #640 resolved

Edmund Jay created an issue 2012-08-08

The session management spec mentions using the OP's iframe URL and logout endpoint but there is no concrete writeup for these parameters in the session management or discovery spec.

Comments (4)

Nat Sakimura
- assigned issue to
  
  Edmund Jay
Please come up with a concrete proposal > Edmund.
- 2012-08-09T14:29:50+00:00
Edmund Jay reporter
I think we can add the following to the discovery spec:

check_session_endpoint string The URL for an OP iframe that provides a page that provides cross-origin communications for session state information with the RP client, using the HTML5 postMessage API.

end_session_endpoint string URL of the OP's endpoint that initiates the user logout.

These parameter names can then be referenced in the Session spec.
- 2012-08-09T22:32:30+00:00
Michael Jones
The OP page is meant to be run inside in an invisible iframe in the OP's security context (so that it is in the same JavaScript origin, giving it access to the cookies, etc.) - but isn't an iframe itself.
- 2012-09-04T23:38:59+00:00
Edmund Jay reporter
- changed status to resolved
fixes ~~#640~~: Discovery - 3.2 Add OP's Iframe URL and logout endpoint for session management

→ 333561670e5f
- 2012-09-19T20:31:49+00:00
Log in to comment

Assignee: Edmund Jay

Type: bug

Priority: major

Status: resolved

Component: –

Milestone: –

Version: –

Votes: 0

Watchers: 0