Pass client_id to end-session endpoint #1096
smarsching
started this conversation in
Ideas
Replies: 1 comment 3 replies
-
I have a patch lying around that adds support for adding arbitrary parameters to the logout request, I'll add that
-
At the moment, the `oidc_handle_logout` only passes the `id_token_hint` and (optionally) the `post_logout_redirect_uri` to the OP’s end-session endpoint URL when doing the redirect.

This is a problem for us, because our OP does not seem to be able to correctly handle requests that are missing the `client_id` parameter. The OpenID Connect RP-Initiated Logout 1.0 specification says about the `client_id` parameter:

So, mod_auth_openidc clearly is standard compliant at the moment as `client_id` is optional, but as OPs might use symmetrically encrypted ID tokens according to the specification, passing it seems like a good idea. For OPs that do not need this parameter, passing it should not hurt, as it is part of the standard and all compliant OPs should be able to handle it.

Is there any reason why `client_id` was deliberately not included? If not, I would be willing to provide a PR that adds this parameter (this should only add a few lines of code to `oidc_handle_logout`).
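The logout redirect discussed in this thread, as an added example that is not part of the original posts and is not mod_auth_openidc code: a C sketch that builds the end-session URL from `id_token_hint`, `client_id` and `post_logout_redirect_uri`, percent-encoding each value so it cannot inject extra parameters. The names `build_logout_url`, `add_param` and `url_encode` are hypothetical.

```c
#include <stdio.h>
#include <string.h>
/* Percent-encode src into dst (RFC 3986 unreserved chars pass through); -1 if dst is too small. */
static int url_encode(const char *src, char *dst, size_t dstlen)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t n = 0;
    for (; *src; src++) {
        unsigned char c = (unsigned char)*src;
        int plain = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
                    (c >= '0' && c <= '9') || strchr("-._~", c) != NULL;
        if (n + (plain ? 1 : 3) >= dstlen)   /* keep room for the NUL */
            return -1;
        if (!plain) {
            dst[n++] = '%';
            dst[n++] = hex[c >> 4];
            c = (unsigned char)hex[c & 15];
        }
        dst[n++] = (char)c;
    }
    dst[n] = '\0';
    return (int)n;
}

/* Append name=value with '?' or '&' as needed; a NULL value is skipped. */
static int add_param(char *url, size_t len, const char *name, const char *value)
{
    size_t used = strlen(url);
    int n;
    if (value == NULL)
        return 0;
    n = snprintf(url + used, len - used, "%c%s=", strchr(url, '?') ? '&' : '?', name);
    if (n < 0 || (size_t)n >= len - used)
        return -1;
    used += (size_t)n;
    return url_encode(value, url + used, len - used) < 0 ? -1 : 0;
}

/* Hypothetical helper: build the end-session redirect URL; 0 on success, -1 on overflow. */
int build_logout_url(char *out, size_t len, const char *endpoint,
                     const char *id_token_hint, const char *client_id,
                     const char *post_logout_redirect_uri)
{
    int n = snprintf(out, len, "%s", endpoint);
    if (n < 0 || (size_t)n >= len)
        return -1;
    return (add_param(out, len, "id_token_hint", id_token_hint) ||
            add_param(out, len, "client_id", client_id) ||
            add_param(out, len, "post_logout_redirect_uri", post_logout_redirect_uri)) ? -1 : 0;
}
```

Passing `NULL` for `client_id` reproduces the behaviour the post describes as current: only `id_token_hint` and, optionally, `post_logout_redirect_uri` are sent.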