[mitreid-connect] End Session and access tokens

Luiz Omori luiz.omori at duke.edu
Mon Jun 26 17:26:14 EDT 2017


I played a bit with the new End Session endpoint and noticed that after calling it the previously acquired access token was still valid. Is this by design? I understand that the Rp can just discard it but still surprising that the access token was valid (per Introspection). Is this just to terminate the “behind the scenes” browser session?

Regards,
Luiz
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/mitreid-connect/attachments/20170626/116f3bdc/attachment.html


More information about the mitreid-connect mailing list