nextcloud-oidc-login

Implement backchannel logout

Open PrivatePuffin opened this issue 3 years ago • 4 comments

A recent addition to the jumbojett PHP openidc library added back channel logout. This is a huge win, as it would allow single logout when hitting the logout button on Nextcloud when implemented.

Two things required:

  • Updating the library
  • Look if another option needs to be added to config.yml

PrivatePuffin, Sep 28 '22 10:09

> This is a huge win, as it would allow single logout when hitting the logout button on Nextcloud when implemented.

Isn't it the other way around?

The doc from OIDC-PHP:

> Back-channel authentication assumes you can end a session on the server side on behalf of the user (without relying on their browser). The request is a POST from the OP direct to your RP. In this way, the use of this library can ensure your RP performs 'single sign out' for the user even if they didn't have your RP open in a browser or other device, but still had an active session there.

Here the RP (Relying Party) being Nextcloud and the OP (OpenID Provider) being Keycloak or Auth0 etc.

I am not very familiar with how Nextcloud manages sessions, but I suppose this could be tackled some way. Are you interested in providing a PR?

> look if another option needs to be added to config.yml

What config.yml file are you referring to?

azmeuk, Oct 18 '22 16:10

> > This is a huge win, as it would allow single logout when hitting the logout button on Nextcloud when implemented.
>
> Isn't it the other way around?
>
> The doc from OIDC-PHP:
>
> > Back-channel authentication assumes you can end a session on the server side on behalf of the user (without relying on their browser). The request is a POST from the OP direct to your RP. In this way, the use of this library can ensure your RP performs 'single sign out' for the user even if they didn't have your RP open in a browser or other device, but still had an active session there.
>
> Here the RP (Relying Party) being Nextcloud and the OP (OpenID Provider) being Keycloak or Auth0 etc.
>
> I am not very familiar with how Nextcloud manages sessions, but I suppose this could be tackled some way. Are you interested in providing a PR?
>
> > look if another option needs to be added to config.yml
>
> What config.yml file are you referring to?

Correct, it would log out Nextcloud when other services log out.

Though, currently, SLO when hitting logout on Nextcloud is also not working correctly…

PrivatePuffin, Oct 19 '22 08:10

I'm already a maintainer on multiple projects and stretched as-is. I will, most likely, not send in a PR. I do not have the time to familiarise myself with yet another codebase.

PrivatePuffin, Oct 19 '22 08:10

> Though, currently, SLO when hitting logout on Nextcloud is also not working correctly…

This looks like another subject. You can open another ticket and describe the behavior you see?

> I will, most likely, not send in a PR. I do not have the time to familiarise myself with yet another codebase.

Fair enough. This probably won't be implemented until someone sends a patch though.

azmeuk, Oct 19 '22 08:10
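
The checks an RP has to make on the logout token that the OP POSTs to it, written out as an added example (not code from this thread, the Nextcloud app or the library). It follows the claim rules of OpenID Connect Back-Channel Logout 1.0 and assumes the JWT signature has already been verified; the function name, the 300-second `iat` window, the sid-to-session map and every sample value are assumptions.

```php
<?php
declare(strict_types=1);

const BACKCHANNEL_EVENT = 'http://schemas.openid.net/event/backchannel-logout';

/**
 * Check the claims of a logout token whose signature was ALREADY verified.
 * Returns null when the token is acceptable, otherwise the rejection reason.
 * $seenJti is a replay cache (in memory here; an assumption for the example).
 */
function logoutTokenError(array $claims, string $issuer, string $clientId, array &$seenJti, int $now): ?string
{
    if (($claims['iss'] ?? null) !== $issuer) {
        return 'wrong issuer';
    }
    // aud may be a single string or a list of strings
    if (!in_array($clientId, (array) ($claims['aud'] ?? []), true)) {
        return 'wrong audience';
    }
    $iat = $claims['iat'] ?? null;
    if (!is_int($iat) || abs($now - $iat) > 300) { // window is an assumption
        return 'stale or missing iat';
    }
    if (!isset($claims['sub']) && !isset($claims['sid'])) {
        return 'neither sub nor sid';
    }
    $events = $claims['events'] ?? null;
    if (!is_array($events) || !is_array($events[BACKCHANNEL_EVENT] ?? null)) {
        return 'missing back-channel logout event';
    }
    if (array_key_exists('nonce', $claims)) { // a nonce marks an ID token, not a logout token
        return 'nonce must not be present';
    }
    $jti = $claims['jti'] ?? null;
    if (!is_string($jti) || isset($seenJti[$jti])) {
        return 'missing or replayed jti';
    }
    $seenJti[$jti] = true;
    return null;
}

// Constructed sample claims, as they would look after json_decode($payload, true).
$claims = ['iss' => 'https://op.example', 'aud' => 'nextcloud', 'iat' => 1700000000,
    'jti' => 'constructed-jti-1', 'sid' => 'constructed-sid-1', 'events' => [BACKCHANNEL_EVENT => []]];
$sessions = ['constructed-sid-1' => 'local-session-a']; // hypothetical OP sid => RP session map
$seen = [];
foreach ([$claims, $claims, ['nonce' => 'x'] + $claims] as $c) { // valid, replayed, ID-token-like
    $err = logoutTokenError($c, 'https://op.example', 'nextcloud', $seen, 1700000010);
    if ($err === null) { unset($sessions[$c['sid'] ?? '']); } // end the matching local session
    echo $err ?? 'accepted, session ended', PHP_EOL;
}
```

A token that carries only `sub` identifies the user rather than one session, so the RP would end all of that user's sessions instead of looking up a single `sid`.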