OpenID-Connect-PHP icon indicating copy to clipboard operation
OpenID-Connect-PHP copied to clipboard

Published 20 hours ago verified publisher icon jumbojett

Add support for back-channel logout

Open mig5 opened this issue 2 years ago • 0 comments

Fixes #116

This adds functions that support back-channel logout.

With this, an implementor can evaluate verifyLogoutToken() and if true, proceed with the developer's application-specific technique for ending the subject's session in the RP. (How that is done is left up to the developer, per the OIDC spec. In my case it involves checking server-side for an existing session based on the sid received in the back-channel logout token, and destroying it if found. Working great for my needs)

I borrowed some of this code from an existing fork of this project, which I discovered by chance whilst browsing the 'downstream' forks. I guess it was never contributed back: https://github.com/dptsi/php-openid-connect-client/blob/master/src/OpenIDConnectClient.php#L1989-L2049

Please use this part of the spec to check the validation is correct: https://openid.net/specs/openid-connect-backchannel-1_0.html#Validation

mig5 avatar Jun 03 '22 02:06 mig5