Automattic / wp-openid-connect-server

Use OpenID Connect to log in to other webservices using your own WordPress
https://wordpress.org/plugins/openid-connect-server/
GNU General Public License v2.0

Support for back-channel logout #71

Open ashfame opened 1 year ago

ashfame commented 1 year ago

The OIDC spec defines a way to log out the user on the OIDC client when a logout happens on the provider side, i.e. the WordPress side in our instance.

Reference

Synapse also supports this.
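What the spec mechanism referenced above looks like on the wire, as an added example that is not part of this issue, the plugin, or Synapse: the provider signs a logout token (a JWT carrying the `events` claim for `http://schemas.openid.net/event/backchannel-logout`, a `jti`, and `sub` and/or `sid`, and never a `nonce`) and POSTs it as the `logout_token` form parameter to the client's `backchannel_logout_uri`; the client validates it and ends the matching session. The code assumes HS256 with a shared client secret for brevity (real deployments typically use the asymmetric algorithm and JWKS the ID tokens already use); the issuer, client id, secret and session values are constructed, and `seen_jti` is a caller-supplied replay set.

```python
"""OIDC back-channel logout token: provider-side issuance and client-side
validation. Added example, not the plugin's code; HS256 shared-secret
signing is an assumption made to keep this stdlib-only."""
import base64
import hashlib
import hmac
import json
import time
import uuid

# Event name fixed by the OpenID Connect Back-Channel Logout 1.0 spec.
BACKCHANNEL_LOGOUT_EVENT = "http://schemas.openid.net/event/backchannel-logout"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(claims: dict, secret: bytes) -> str:
    """Serialise claims as a compact JWT signed with HMAC-SHA256."""
    header = {"alg": "HS256", "typ": "logout+jwt"}
    signing_input = (
        _b64url(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def build_logout_token(issuer, client_id, secret, sub=None, sid=None, now=None):
    """Provider side (WordPress in this issue): the token the OP POSTs as the
    `logout_token` form parameter to the RP's backchannel_logout_uri."""
    if sub is None and sid is None:
        raise ValueError("logout token needs at least one of sub / sid")
    claims = {
        "iss": issuer,
        "aud": client_id,
        "iat": int(now if now is not None else time.time()),
        "jti": uuid.uuid4().hex,  # unique id so the RP can reject replays
        "events": {BACKCHANNEL_LOGOUT_EVENT: {}},
    }
    if sub is not None:
        claims["sub"] = sub
    if sid is not None:
        claims["sid"] = sid
    return sign_hs256(claims, secret)


def validate_logout_token(token, issuer, client_id, secret, seen_jti, now=None, max_age=300):
    """Client side (e.g. a Matrix homeserver): the checks the spec requires
    before acting on a logout token. Returns the claims on success; raises
    ValueError otherwise, in which case the RP should answer HTTP 400."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed JWT")
    header = json.loads(_b64url_decode(parts[0]))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{parts[0]}.{parts[1]}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(parts[2])):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(parts[1]))
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if not (aud == client_id or (isinstance(aud, list) and client_id in aud)):
        raise ValueError("wrong audience")
    current = int(now if now is not None else time.time())
    iat = claims.get("iat")
    if not isinstance(iat, int) or iat > current + 60 or current - iat > max_age:
        raise ValueError("iat missing or outside the acceptable window")
    events = claims.get("events")
    if not isinstance(events, dict) or not isinstance(events.get(BACKCHANNEL_LOGOUT_EVENT), dict):
        raise ValueError("missing back-channel logout event")
    if "sub" not in claims and "sid" not in claims:
        raise ValueError("neither sub nor sid present")
    if "nonce" in claims:
        raise ValueError("nonce is prohibited: this is not an ID token")
    jti = claims.get("jti")
    if not isinstance(jti, str) or jti in seen_jti:
        raise ValueError("jti missing or replayed")
    seen_jti.add(jti)
    return claims
```

The `nonce` check is what keeps a stolen ID token from being replayed as a logout request, and the `jti` set is what keeps a captured logout token from being replayed later; a WordPress implementation would send the token from the `wp_logout` hook and the client would terminate the session named by `sid` (or all sessions for `sub`) on success.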

ashfame commented 1 year ago

Two problems identified:

Homeserver support is less severe than it sounds, since SSO (OIDC in our case) is only supported on Synapse, so somebody might be forced to use Synapse anyway.

If we make WordPress set the auth cookie expiration to a definite time rather than a session-based expiry, then we can schedule cron events in the future to trigger the Matrix logout at that time, and update the execution time of these cron events as the auth cookie expiration is extended.

Then there is also the question of the goals/intentions of the user of the system (the site admin), so always processing a logout may not be desired. Hence, adding back-channel logout support isn't that fruitful at the moment.