Post-interaction static page

[jricher]

§2.5.3 Receive a Callback After Interaction: Editor's note:

There has been some call for a post-interaction redirect that is not tied to the underlying security model - specifically, sending the user over to a client-hosted page with client-specific instructions on how to continue. This would be something hosted externally to the client instance, so the client instance would never see this incoming call. We could accomplish that using this "callback" post-redirect mechanism but with "method": "static" or "nonce": false or some other signal to indicate that the client won't see the incoming request.

[aaronpk]

I can almost see how this would be useful, but I think we should have a concrete use case before adding a new method.

[jricher]

Alternate proposal:

Add a field to the display object to allow the client instance to provide a post-interaction message that the AS MUST display to the end user after interaction has completed. Probably warrants a security consideration mention, possibly in the section that talks about displaying client-supplied values (12.12 and 12.13, for example).

[jricher]

No concrete use cases have been brought forward, closing. Could be added as extension to interaction methods if desired by community.