BookStackApp / BookStack

A platform to create documentation/wiki content built with PHP & Laravel
https://www.bookstackapp.com/
MIT License

Implement OIDC Front-Channel / Back-Channel Logout #5279

Open timhallmann opened 1 month ago

timhallmann commented 1 month ago

Describe the feature you'd like

BookStack should provide endpoints for Front-Channel and Back-Channel Logout. This would enable the OpenID Provider to request the termination of a specific session or all sessions associated with a user.

Describe the benefits this would bring to existing BookStack users

Can the goal of this request already be achieved via other means?

No.

Have you searched for an existing open/closed issue?

How long have you been using BookStack?

Not using yet, just scoping

Additional context

Requires #5278 (OIDC session handling).

Prior discussion in #3715 (RP-Initiated Logout).

The necessary specs were finalized a while ago:

In terms of implementation, both Keycloak and Auth0 support Back-Channel Logout, although I've not looked into the extent of support from other OpenID Providers. Keycloak passes the OpenID Conformance tests for Front/Back-Channel Logout.

Plan to implement Front/Back-Channel Logout:

Alternatively, implement custom sessions.

Notes / Considerations:
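To make the request concrete, here is an added reference implementation (not BookStack's code, and written in Python rather than the project's PHP only so it runs self-contained) of the checks an RP must apply to a Back-Channel Logout token and of the session selection it drives: a token carrying `sid` ends that one session, a token carrying only `sub` ends every session of that user. The issuer, client_id, HS256 shared secret and session index are constructed assumptions; a real OP normally signs with RS256 and publishes its keys via JWKS.

```python
import base64, hashlib, hmac, json, time

# Constructed values for this example; a deployment uses the OP's issuer, its registered client_id and the OP's key.
ISSUER = "https://op.example.invalid"
CLIENT_ID = "bookstack"
CLIENT_SECRET = b"constructed-shared-secret"  # HS256 key, only to keep the example offline
BACKCHANNEL_EVENT = "http://schemas.openid.net/event/backchannel-logout"

def _b64url(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def _unb64url(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def mint_logout_token(claims: dict) -> str:
    """Stand-in for the OP: HS256-sign a claim set into a compact JWT (constructed helper)."""
    h = _b64url(json.dumps({"alg": "HS256", "typ": "logout+jwt"}).encode())
    p = _b64url(json.dumps(claims).encode())
    sig = hmac.new(CLIENT_SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
    return f"{h}.{p}.{_b64url(sig)}"

def validate_logout_token(token: str, now=None) -> dict:
    """Verify a logout token per OIDC Back-Channel Logout 1.0 (section 2.6) and return
    its claims; raise ValueError on any failed check so the endpoint answers 400."""
    now = int(time.time()) if now is None else now
    h, p, s = token.split(".")  # unpacking raises ValueError unless exactly 3 segments
    if json.loads(_unb64url(h)).get("alg") != "HS256":  # reject alg=none / unexpected alg
        raise ValueError("unexpected alg")
    expected = hmac.new(CLIENT_SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(s)):
        raise ValueError("bad signature")
    c = json.loads(_unb64url(p))
    aud = c.get("aud") if isinstance(c.get("aud"), list) else [c.get("aud")]
    if c.get("iss") != ISSUER or CLIENT_ID not in aud:
        raise ValueError("wrong issuer or audience")
    if not all(isinstance(c.get(k), int) for k in ("iat", "exp")) or c["exp"] < now:
        raise ValueError("iat/exp missing or token expired")
    if not c.get("jti") or BACKCHANNEL_EVENT not in (c.get("events") or {}):
        raise ValueError("jti missing or not a backchannel-logout event")  # also track seen jti
    if "nonce" in c or not (c.get("sid") or c.get("sub")):
        raise ValueError("nonce present, or neither sid nor sub given")  # nonce marks an ID Token
    return c

def sessions_to_terminate(claims: dict, sessions: dict) -> list:
    """sessions maps local session id -> {'sub': ..., 'sid': ...}, the index #5278 would keep.
    A token with sid ends that one session; with only sub, every session of that user."""
    if claims.get("sid"):
        return [k for k, v in sessions.items() if v["sid"] == claims["sid"]]
    return [k for k, v in sessions.items() if v["sub"] == claims["sub"]]
```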