3/17/2023 0 Comments Xsection 2.1To be specified by other means, so that the ID Tokens can be decrypted by the OP.Īnd MAY contain port, path, and query parameter components Symmetrically encrypted ID Tokens used as id_token_hint values When post_logout_redirect_uri is used but The most common use case for this parameter is to specify the Client Identifier The OP MUST verify that the Client Identifier matches the one used when issuing the OAuth 2.0 Client Identifier valid at the Authorization Server. Whereas, logout_hint is used in RP-Initiated Logout Requests.) Mortimore, “OpenID Connect Core 1.0,” November 2014. Parameter defined in Section 3.1.2.1 of OpenID Connect Core 1.0 ( Sakimura, N., Bradley, J., Jones, M., de Medeiros, B., and C. (This parameter is intended to be analogous to the login_hint Or session identifier pertaining to the RP's session with the OP for the End-User. The value and meaning of this parameter is left up to the OP's discretion.įor instance, the value might contain an email address, phone number, username, Hint to the Authorization Server about the End-User that is logging out. This is used as an indication of the identity of theĮnd-User that the RP is requesting be logged out by the OP. ID Token previously issued by the OP to the RP passed to the Logout EndpointĪs a hint about the End-User's current authenticated That are used in the logout request at the Logout Endpoint: This specification defines the following parameters The endpoint at the OpenID Provider that is the target ofĪn RP requests that the OP log out the End-Userīy redirecting the End-User's User Agent to the OP's Logout Endpoint.ĭiscovery response or may be learned via other mechanisms. This specification also defines the following term: Whenever the reader encounters them, their definitions "Relying Party", reference these defined terms. All theĬapitalized words in the text of this specification, such as Imposing requirements upon implementations. This section are a normative portion of this specification, IMPORTANT NOTE TO READERS: The terminology definitions in OpenID Connect Core 1.0 ( Sakimura, N., Bradley, J., Jones, M., de Medeiros, B., and C. Reschke, Ed., “Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing,” June 2014. The term "User Agent" defined by RFC 7230 ( Fielding, R., Ed. "Authorization Endpoint", "Authorization Server",ĭefined by OAuth 2.0 ( Hardt, D., Ed., “The OAuth 2.0 Authorization Framework,” October 2012. Values to be taken literally are indicated by The quotes MUST NOT be used as part of the value. When using these values in protocol messages, Values are quoted to indicate that they are to be taken literally. "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in thisĭocument are to be interpreted as described in RFC 2119 ( Bradner, S., “Key words for use in RFCs to Indicate Requirement Levels,” March 1997. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", Bradley, “OpenID Connect Back-Channel Logout 1.0,” September 2022. OpenID Connect Back-Channel Logout 1.0 ( Jones, M. OpenID Connect Front-Channel Logout 1.0 ( Jones, M., “OpenID Connect Front-Channel Logout 1.0,” September 2022. Jones, “OpenID Connect Session Management 1.0,” September 2022. OpenID Connect Session Management 1.0 ( de Medeiros, B., Agarwal, N., Sakimura, N., Bradley, J., and M. This specification can be used separately from or in combination with ) specificationīy enabling the Relying Party to request thatĪn End-User be logged out by the OpenID Provider. ( Hardt, D., Ed., “The OAuth 2.0 Authorization Framework,” October 2012. OAuth Dynamic Client Registration Metadata Registration OAuth Authorization Server Metadata Registry To request that an OpenID Provider log out the End-User. This specification defines a mechanism for a Relying Party Obtain basic profile information about the End-User in an interoperable and On the authentication performed by an Authorization Server, as well as to It enables Clients to verify the identity of the End-User based OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |