
Logging out does not trigger a back-channel logout to OAuth service

Open kottkrig opened this issue 4 years ago • 0 comments

Expected Behavior

When the user clicks a logout link, Publisher should trigger a Back-Channel Logout so that the user is also logged out from the OAuth provider.

Current Behavior

When the user clicks a logout link, Publisher removes the active user session so that the user is logged out locally from Publisher. However, the OAuth server can still have an active login session.

Possible Solution/Implementation

I'm not very familiar with Symfony but is there a hook or a callback that triggers when a user requests to log out? Maybe it's possible there to add an extra request to the OAuth server. I can have a look at this but I don't really know where to start or where to put the code.

kottkrig, Jun 24 '20 08:06
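
One shape the logout hook asked about in the issue could take, as an added example that is not Publisher's code or part of the original issue: a Symfony 5.1+ `LogoutEvent` subscriber that revokes the user's token at the provider with an RFC 7009 revocation request. The namespace, the revocation endpoint, the client credentials and the `oauth_access_token` token attribute are assumptions, and whether revocation also ends the provider's own login session depends on the provider.

```php
<?php
declare(strict_types=1);
namespace App\EventSubscriber; // hypothetical namespace, not Publisher's

use Psr\Log\LoggerInterface;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\Security\Http\Event\LogoutEvent;
use Symfony\Contracts\HttpClient\Exception\ExceptionInterface;
use Symfony\Contracts\HttpClient\HttpClientInterface;

final class RevokeOAuthTokenOnLogout implements EventSubscriberInterface
{
    public function __construct(
        private HttpClientInterface $http,
        private LoggerInterface $logger,
        private string $revocationEndpoint, // assumed: provider implements RFC 7009
        private string $clientId,           // assumed: confidential client credentials
        private string $clientSecret,
    ) {}

    public static function getSubscribedEvents(): array
    {
        return [LogoutEvent::class => 'onLogout'];
    }

    public function onLogout(LogoutEvent $event): void
    {
        $token = $event->getToken();
        // Hypothetical attribute: wherever the app keeps the provider's access token.
        if (null === $token || !$token->hasAttribute('oauth_access_token')) {
            return; // anonymous or non-OAuth login: nothing to revoke
        }
        try {
            // RFC 7009 section 2.1: form-encoded POST with client authentication.
            $response = $this->http->request('POST', $this->revocationEndpoint, [
                'auth_basic' => [$this->clientId, $this->clientSecret],
                'body' => [
                    'token' => $token->getAttribute('oauth_access_token'),
                    'token_type_hint' => 'access_token',
                ],
                'timeout' => 3, // the local logout must not hang on the provider
            ]);
            if (200 !== $response->getStatusCode()) {
                $this->logger->warning('OAuth revocation rejected', ['status' => $response->getStatusCode()]);
            }
        } catch (ExceptionInterface $e) {
            // Local logout still completes; the failure is logged without the token value.
            $this->logger->error('OAuth revocation failed', ['error' => $e->getMessage()]);
        }
    }
}
```

On Symfony versions before 5.1 the same logic would go in a `LogoutHandlerInterface` implementation registered under the firewall's `logout.handlers` setting.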