The call should work as you describe wrt. the IDP revoke scenario: you should not try and implement that with a non-standard extension, custom code, no protocol security review/guarantees and a fragile flow as described; if required, the IDP could trigger standards-based Single Logout before authenticating the user to another application, but in general I would not recommend pursuing this because it is practically inviable.
Hi all, I am trying to figure out how to call the revoke_session via <redirect_uri>?revoke_session=uuid.
I tried to invoke via a browser with:
OIDCRedirectURI value and sessionid cookie value as uuid, but it seems it doesn't work.
Also - if I would like to send the UUID to the IDP to store the last UUID assigned to the user, is there a way to do so, so that on the next logon of the same user the IDP could call <redirect_uri>?revoke_session= to revoke the previous session used by the user and let only the last login access the protected resources?