[mitreid-connect] End Session and access tokens
Luiz Omori
luiz.omori at duke.edu
Mon Jun 26 17:26:14 EDT 2017
I played a bit with the new End Session endpoint and noticed that after calling it the previously acquired access token was still valid. Is this by design? I understand that the Rp can just discard it but still surprising that the access token was valid (per Introspection). Is this just to terminate the “behind the scenes” browser session?
Regards,
Luiz
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/mitreid-connect/attachments/20170626/116f3bdc/attachment.html
More information about the mitreid-connect
mailing list