spring-session icon indicating copy to clipboard operation
spring-session copied to clipboard
verified publisher icon spring-projects

Provide & auto-configure an `OidcSessionRegistry` impl for Back-Channel Logout in distributed environments

Open ch4mpy opened this issue 10 months ago • 0 comments

Expected Behavior

When using Spring Session with Spring Boot, I'd expect Back-Channel Logout to work out of the box. This would require a compatible OidcSessionRegistry in the application context.

Current Behavior

The only OidcSessionRegistry provided by Spring Security is InMemoryOidcSessionRegistry which isn't compatible with distributed OAuth2 clients.

Context

I'm using spring-cloud-gateway-mvc configured with oauth2Login, the TokenRelay= filter, and Back-Channel Logout. To achieve high availability of k8s deployments, I'd like to have a minimum of two instances running in parallel. Unfortunately, for now, Back-Channel Logout won't work in this configuration.

ch4mpy avatar Feb 20 '25 03:02 ch4mpy