diff --git a/oauth2_provider/views/oidc.py b/oauth2_provider/views/oidc.py
index c746c30ce..f4ece45e0 100644
--- a/oauth2_provider/views/oidc.py
+++ b/oauth2_provider/views/oidc.py
@@ -367,17 +367,53 @@ def validate_logout_request(self, id_token_hint, client_id, post_logout_redirect
         return application, id_token.user if id_token else None
 
     def must_prompt(self, token_user):
-        """Indicate whether the logout has to be confirmed by the user. This happens if the
-        specifications force a confirmation, or it is enabled by `OIDC_RP_INITIATED_LOGOUT_ALWAYS_PROMPT`.
+        """
+        per: https://openid.net/specs/openid-connect-rpinitiated-1_0.html
+
+        > At the Logout Endpoint, the OP SHOULD ask the End-User whether to log
+        > out of the OP as well. Furthermore, the OP MUST ask the End-User this
+        > question if an id_token_hint was not provided or if the supplied ID
+        > Token does not belong to the current OP session with the RP and/or
+        > currently logged in End-User.
 
-        A logout without user interaction (i.e. no prompt) is only allowed
-        if an ID Token is provided that matches the current user.
         """
-        return (
-            oauth2_settings.OIDC_RP_INITIATED_LOGOUT_ALWAYS_PROMPT
-            or token_user is None
-            or token_user != self.request.user
-        )
+
+        if oauth2_settings.OIDC_RP_INITIATED_LOGOUT_ALWAYS_PROMPT:
+            """
+            > At the Logout Endpoint, the OP SHOULD ask the End-User whether to
+            > log out of the OP as well
+
+            The admin has configured the OP to always prompt the userfor logout
+            per the SHOULD recommendation.
+            """
+            return True
+
+        if token_user is None:
+            """
+            > the OP MUST ask ask the End-User whether to log out of the OP as
+            > well if the supplied ID Token does not belong to the current OP
+            > session with the RP.
+
+            token_user will only be populated if an ID token was found for the
+            RP (Application) that is requesting the logout. If token_user is not
+            then we must prompt the user.
+            """
+            return True
+
+        if self.request.user.is_authenticated and token_user != self.request.user:
+            """
+            > the OP MUST ask ask the End-User whether to log out of the OP as
+            > well if the supplied ID Token does not belong to the logged in
+            > End-User.
+
+            is_authenticated indicates that there is a logged in user.
+            token_user != self.request.user indicates that the token does not
+            belong to the logged in user. Therefore we need to prompt the user.
+            """
+            return True
+
+        """ We didn't find a reason to prompt the user """
+        return False
 
     def do_logout(self, application=None, post_logout_redirect_uri=None, state=None, token_user=None):
         user = token_user or self.request.user
diff --git a/tests/test_oidc_views.py b/tests/test_oidc_views.py
index 8bdf18360..8e596d194 100644
--- a/tests/test_oidc_views.py
+++ b/tests/test_oidc_views.py
@@ -311,6 +311,10 @@ def test_must_prompt(oidc_tokens, other_user, rp_settings, ALWAYS_PROMPT):
         == ALWAYS_PROMPT
     )
     assert RPInitiatedLogoutView(request=mock_request_for(other_user)).must_prompt(oidc_tokens.user) is True
+    assert (
+        RPInitiatedLogoutView(request=mock_request_for(AnonymousUser())).must_prompt(oidc_tokens.user)
+        is False
+    )
 
 
 def test__load_id_token():