Support OpenID Connect Back-Channel Logout #1200
Labels
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Expected Behavior
Support OpenID Connect Back-Channel Logout.
If the OpenID Provider supports OpenID Connect Discovery 1.0, it uses this metadata value to advertise its support for back-channel logout:
backchannel_logout_supported
OPTIONAL. Boolean value specifying whether the OP supports back-channel logout, with true indicating support. If omitted, the default value is false.
It SHOULD also register this related metadata value:
backchannel_logout_session_supported
OPTIONAL. Boolean value specifying whether the OP can pass a sid (session ID) Claim in the Logout Token to identify the RP session with the OP. If supported, the sid Claim is also included in ID Tokens issued by the OP. If omitted, the default value is false.
sid
OPTIONAL. Session ID - String identifier for a Session. This represents a Session of a User Agent or device for a logged-in End-User at an RP. Different sid values are used to identify distinct sessions at an OP. The sid value need only be unique in the context of a particular issuer. Its contents are opaque to the RP. Its syntax is the same as an OAuth 2.0 Client Identifier.
Current Behavior
Not yet support.
Context
It is very necessary to Support OpenID Connect Back-Channel Logout. In a microservice system, we can use this feature to unify the session logout function for different services to manage users.
The text was updated successfully, but these errors were encountered: