go-oidc

Adds ability to validate Logout token

Open like-a-bause opened this issue 5 years ago • 15 comments

Adds the ability to validate a Logout Token according to https://openid.net/specs/openid-connect-backchannel-1_0.html

ericchiang:mod branch is already merged.

Closes #211

like-a-bause, Jun 12 '20 10:06

Sorry to bother, may I ask when this will be merged?

archerbj, Jan 26 '21 10:01

@aspeteRakete do you have some insights why this PR is not merged?

flo-mic, Feb 14 '22 19:02

I think @ericchiang was concerned that backchannel logout is still in draft state, as can be seen in this comment: https://github.com/coreos/go-oidc/issues/211#issuecomment-616663247

The last rev of the spec was published on August 7, 2020. But at least it is not listed as inactive. For reference: https://openid.net/specs/openid-connect-backchannel-1_0.html https://openid.net/developers/specs/

like-a-bause, Feb 14 '22 19:02

Ah I see. Unfortunately it has been two years since the last update ☹️ and backchannel logout would be a huge security improvement from my perspective. Hope they will finalize this soon.

Anyway, thanks for the PR 👍🏼. Would like to see it implemented.

flo-mic, Feb 14 '22 19:02

You can of course use my fork if you want to use backchannel logout. Just updated the branch to contain the latest upstream changes.

like-a-bause, Feb 15 '22 07:02

Is there any update on this? As far as I am aware, this would not be a breaking change and would allow us to implement backchannel logout without having to rely on an unofficial fork. Backchannel logout is widely supported by several IdPs; Keycloak would be a popular example.

lus, Mar 27 '22 15:03

Is this PR moving forward? Looks like it's official https://openid.net/specs/openid-connect-backchannel-1_0.html @ericchiang

lwj5, Sep 30 '22 05:09

Since backchannel logout is official, I think this PR should be merged.

shkarface, Apr 01 '23 10:04

Any news here? Would greatly appreciate this critical feature.

FAUSheppy, Jun 30 '23 16:06

This is still desired.

ruoibmt, Jun 24 '24 16:06

Hey @ericchiang, since this is official https://openid.net/specs/openid-connect-backchannel-1_0.html, could you take a look at this PR? This blocks an important feature for oauth2-proxy https://github.com/oauth2-proxy/oauth2-proxy/issues/1224

marjuscako, Sep 04 '24 07:09