MozillaWiki

Security/Guidelines/OpenID Connect: Difference between revisions

Page Discussion

Security/Guidelines/OpenID Connect (view source)

Revision as of 23:45, 21 April 2017

239 bytes added ,  21 April 2017
no edit summary
No edit summary
No edit summary
 
Line 142: Line 142:
** This issues a new ID token, with new attributes if they have changed.
** This issues a new ID token, with new attributes if they have changed.
** This may also renew the ID token expiration time.
** This may also renew the ID token expiration time.
* The web application (R) can '''optionally''' provide a <code>logout</code> URL, which the OpenID Connect Provider (OP) can call to indicate if a user has logged out (so that the web application immediately know when to log the user out as well).
** This is generally done with the parameter <code>prompt=none</code> while calling the OpenID Connect <code>authorize</code> endpoint. See also [http://openid.net/specs/openid-connect-implicit-1_0.html#RequestParameters specifications].
* The web application (RP) can '''optionally''' provide a <code>logout</code> URL, which the OpenID Connect Provider (OP) can call to indicate if a user has logged out (so that the web application immediately know when to log the user out as well).


=== Other important security considerations ===
=== Other important security considerations ===
Gdestuynder
Confirmed users
502

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/1168984"