Yes, your understanding is correct.
Reply to question 1: The link received in the mail is correct. its "www.xyz.se/extranat/_/idprovider/"
Reply to question 2: When I submitted the "Password reset" form with the email id, it is redirected to "xyz.se/extranat/_/idprovider/utviklingsstore?action=sent" and I am unable to login anymore. If I try logging in, I will be redirected to "www.xyz.se" which is wrong.
Once we have received the email to change our password, we get a correct link to rest the password. when we submit the form with new password we get "Logout" button. When we click on that, we are redirected to "xyz.se/extranat/_/idprovider/utviklingsstore/logout". We are unable to login after that.
Reply to question 3:
When we use "logoutUrl" to create a link and logout the user, from web page it does not work. Once we are logged out it will route us to "xyz.se/_/idprovider/" which won't work.
( We have sixed it though using "logout" method in a service and calling that instead of logouturl. But would be nice to get the same fixed in id provider.