Support OpenID Connect Back-Channel Logout
Expected Behavior
Support OpenID Connect Back-Channel Logout.
If the OpenID Provider supports OpenID Connect Discovery 1.0, it uses this metadata value to advertise its support for back-channel logout:
backchannel_logout_supported OPTIONAL. Boolean value specifying whether the OP supports back-channel logout, with true indicating support. If omitted, the default value is false.
It SHOULD also register this related metadata value:
backchannel_logout_session_supported OPTIONAL. Boolean value specifying whether the OP can pass a sid (session ID) Claim in the Logout Token to identify the RP session with the OP. If supported, the sid Claim is also included in ID Tokens issued by the OP. If omitted, the default value is false.
sid OPTIONAL. Session ID - String identifier for a Session. This represents a Session of a User Agent or device for a logged-in End-User at an RP. Different sid values are used to identify distinct sessions at an OP. The sid value need only be unique in the context of a particular issuer. Its contents are opaque to the RP. Its syntax is the same as an OAuth 2.0 Client Identifier.
Current Behavior
Not yet supported.
Context
It is very necessary to support OpenID Connect Back-Channel Logout. In a microservice system, we can use this feature to unify the session logout function for different services to manage users.
Related spring-projects/spring-security#18288
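How a relying party could act on the metadata and sid semantics quoted in the issue, as an added example that is not part of the original issue and not Spring Security code. All class and method names are hypothetical; it assumes Java 17+, already-parsed JSON maps, and a Logout Token that has already passed signature and claim validation. Matching on sub when no sid is present goes beyond the quoted text and follows the Back-Channel Logout specification.

```java
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration: all class and method names are hypothetical, not Spring Security API.
public class BackChannelLogoutSketch {
    record RpSession(String issuer, String subject, String sid) {}
    private final Map<String, RpSession> sessions = new ConcurrentHashMap<>(); // local id -> session

    // Both discovery flags default to false when omitted.
    static boolean flag(Map<String, Object> opMetadata, String name) {
        return Boolean.TRUE.equals(opMetadata.get(name));
    }

    // Login: an OP advertising session support also includes sid in its ID Tokens.
    void onLogin(Map<String, Object> opMetadata, Map<String, Object> idToken, String localId) {
        String sid = (String) idToken.get("sid");
        if (sid == null && flag(opMetadata, "backchannel_logout_session_supported")) {
            // Policy choice of this sketch: treat the mismatch as an error.
            throw new IllegalStateException("OP advertises sid support but ID Token has no sid");
        }
        sessions.put(localId, new RpSession((String) idToken.get("iss"), (String) idToken.get("sub"), sid));
    }

    // Input: claims of a Logout Token that already passed signature and claim validation.
    List<String> onLogoutToken(Map<String, Object> claims) {
        String iss = (String) claims.get("iss");
        String sub = (String) claims.get("sub");
        String sid = (String) claims.get("sid");
        List<String> ended = new ArrayList<>();
        if (iss == null || (sub == null && sid == null)) return ended; // malformed: end nothing
        sessions.forEach((localId, s) -> {
            // sid is unique only per issuer, so always match on (iss, sid), never sid alone.
            boolean match = sid != null ? sid.equals(s.sid()) : sub.equals(s.subject());
            if (iss.equals(s.issuer()) && match) ended.add(localId);
        });
        ended.forEach(sessions::remove);
        return ended; // local sessions the RP must now invalidate
    }

    public static void main(String[] args) {
        BackChannelLogoutSketch rp = new BackChannelLogoutSketch();
        // Constructed sample data: two issuers that happen to use the same sid value "s1".
        Map<String, Object> opA = Map.of("backchannel_logout_session_supported", true);
        Map<String, Object> opB = Map.of("backchannel_logout_supported", true); // session flag omitted
        rp.onLogin(opA, Map.of("iss", "https://op-a.example", "sub", "alice", "sid", "s1"), "A1");
        rp.onLogin(opA, Map.of("iss", "https://op-a.example", "sub", "alice", "sid", "s2"), "A2");
        rp.onLogin(opB, Map.of("iss", "https://op-b.example", "sub", "bob", "sid", "s1"), "B1");
        System.out.println(rp.onLogoutToken(Map.of("iss", "https://op-a.example", "sid", "s1")));
        System.out.println(rp.onLogoutToken(Map.of("iss", "https://op-a.example", "sub", "alice")));
    }
}
```

The first call ends only the op-a session with sid s1 and leaves the op-b session that shares the same sid value; the second, carrying no sid, ends the remaining op-a session for that subject.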
Any progress on this?
This issue was transferred from spring-projects/spring-authorization-server (see spring-authorization-server#2195)