OTK Logout API Not Meeting RFC Standards
search cancel

OTK Logout API Not Meeting RFC Standards

book

Article ID: 247069

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

We have determined that the OTK logout api is not meeting RFC standards.  As seen within the OTK documentation we currently require a authorization header and id_token parameters.

Per openid standards the only recommended parameter for the logout api is id_token_hint.

Environment

All present OTK releases up to and including 4.5

Cause

The OTK logout api is currently not meeting RFC standards.

Resolution

The OTK development team will be making changes such that the logout api meets RFC standards.  These changes are to be included in the OTK 4.6 release.