IdentityModel / IdentityModel.OidcClient

Certified C#/NetStandard OpenID Connect Client Library for native mobile/desktop Applications (RFC 8252)
Apache License 2.0

Provide lightweight (no browser) Logout function OTB #447

Open Matheos96 opened 3 days ago

Matheos96 commented 3 days ago

This came to mind earlier today at work. I realized it is a bit bothersome having to ensure that the LogoutAsync function is run on a UI thread in case we have given an IBrowser that, for example, uses WinForms. I think that logout actions could be quite simply "logout and forget", as I don't often personally care about a redirect etc. at that point.

I see that the method is virtual so technically I could create my own override, but would it be wise to either give the default implementation a parameter to somehow avoid the IBrowser use altogether, or create a new LogoutAndForgetAsync (bad name) which would simply use an HttpClient or something to make a single request for the logout (+ whatever oidcclient cleanup needs to be done)?

leastprivilege commented 2 days ago

The logout page might require the cookie for cleanup and logout notifications. The browser cannot be skipped.

You could always create your own programmatic & proprietary logout endpoint if you think that is sufficient for your environment.

Matheos96 commented 5 hours ago

Right, yeah. Did not consider cookies. And yes, I can always make my own override, of course.
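
Added example, not part of the thread and not code from the IdentityModel.OidcClient project: one way to keep the browser-based logout (so the end-session page still runs in the browser and can do its cookie cleanup and logout notifications) while removing the need to call LogoutAsync from the UI thread. The class name `UiThreadBrowser` is hypothetical; it assumes the library's `IBrowser.InvokeAsync(BrowserOptions, CancellationToken)` signature and that the wrapper is constructed on the UI thread.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;
using IdentityModel.OidcClient.Browser;

// Hypothetical decorator (the name is an assumption): runs any IBrowser on the
// SynchronizationContext captured at construction, e.g. the WinForms UI context.
public sealed class UiThreadBrowser : IBrowser
{
    private readonly IBrowser _inner;
    private readonly SynchronizationContext _ui;

    // Construct on the UI thread so SynchronizationContext.Current is the UI context.
    public UiThreadBrowser(IBrowser inner)
    {
        _inner = inner ?? throw new ArgumentNullException(nameof(inner));
        _ui = SynchronizationContext.Current
              ?? throw new InvalidOperationException("Create this on the UI thread.");
    }

    public Task<BrowserResult> InvokeAsync(BrowserOptions options,
                                           CancellationToken cancellationToken = default)
    {
        // Continuations run asynchronously so the caller's awaits do not
        // execute inline on the UI thread.
        var tcs = new TaskCompletionSource<BrowserResult>(
            TaskCreationOptions.RunContinuationsAsynchronously);

        // Post (not Send): a background caller never blocks waiting on the UI thread.
        _ui.Post(async _ =>
        {
            try
            {
                tcs.TrySetResult(await _inner.InvokeAsync(options, cancellationToken));
            }
            catch (OperationCanceledException)
            {
                tcs.TrySetCanceled(cancellationToken);
            }
            catch (Exception ex)
            {
                // Every exception is captured here because the lambda is async void.
                tcs.TrySetException(ex);
            }
        }, null);

        return tcs.Task;
    }
}
```

Assign an instance that wraps the existing browser to `OidcClientOptions.Browser`; LoginAsync and LogoutAsync can then be awaited from any thread, and the logout request still goes through the same IBrowser that was used for login.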