govuk-one-login / di-account-management-frontend

MIT License

Feature request: implement backchannel notifications handling #1310

Open riccardo-noviello-moj opened 5 months ago

riccardo-noviello-moj commented 5 months ago

For a better user experience it would be preferable if the user was logged out of all their active OneLogin sessions, including the account management frontend.

Backchannel docs I am referring to https://docs.sign-in.service.gov.uk/integrate-with-integration-environment/log-your-users-out/#responding-to-logout-notifications-from-gov-uk-one-login

Example Scenario:

Given I am logged in with my OneLogin account to GOVUK Service X
And I am logged in https://integration.account.gov.uk/security
When I click logout on Service X
Then I should also be logged out on https://integration.account.gov.uk/security

Actual: on https://home.integration.account.gov.uk/security I still have an active session

alex9smith commented 5 months ago

Hi @riccardo-noviello-moj 👋🏻

This app does support backchannel logout (see https://github.com/govuk-one-login/di-account-management-frontend/blob/main/src/components/global-logout/global-logout-controller.ts) and I would expect that you are logged out of account management if you log out via a different service.

Are you saying that mechanism isn't working properly?

riccardo-noviello-moj commented 5 months ago

> Hi @riccardo-noviello-moj 👋🏻
>
> This app does support backchannel logout (see https://github.com/govuk-one-login/di-account-management-frontend/blob/main/src/components/global-logout/global-logout-controller.ts) and I would expect that you are logged out of account management if you log out via a different service.
>
> Are you saying that mechanism isn't working properly?

Yes, it's definitively not working for us on the integration account. I haven't tried the production account.

alex9smith commented 5 months ago

Ok, thank you for letting us know. I'll pass this on to the team for investigation.
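
The behaviour expected in the scenario above, as an added example that is not code from this repository or from anyone in the thread: the claim checks the OpenID Connect Back-Channel Logout specification requires on a logout token, followed by removal of every local session held for that subject. The issuer, client id and in-memory session index are constructed for illustration, signature verification is assumed to have been done already, and requiring `sub` (the specification also allows `sid` alone) is a simplification.

```javascript
// Added example: all names and values here are constructed, not the project's own.
const LOGOUT_EVENT = "http://schemas.openid.net/event/backchannel-logout";

// In-memory index: subject identifier -> set of local session ids.
class SessionIndex {
  constructor() { this.bySub = new Map(); }
  add(sub, sessionId) {
    if (!this.bySub.has(sub)) this.bySub.set(sub, new Set());
    this.bySub.get(sub).add(sessionId);
  }
  // Removes every session held for the subject; returns how many were removed.
  destroyAll(sub) {
    const ids = this.bySub.get(sub);
    this.bySub.delete(sub);
    return ids ? ids.size : 0;
  }
  count(sub) { return this.bySub.has(sub) ? this.bySub.get(sub).size : 0; }
}

// Claim checks on a logout token whose signature has ALREADY been verified
// against the issuer's published keys (assumed to be done by a JOSE library).
// Returns null when the claims are acceptable, otherwise a reason string.
function validateLogoutClaims(claims, { issuer, clientId, nowSec, maxAgeSec = 300 }) {
  if (claims.iss !== issuer) return "wrong issuer";
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(clientId)) return "wrong audience";
  const iatOk = typeof claims.iat === "number" &&
    claims.iat <= nowSec + 60 && nowSec - claims.iat <= maxAgeSec;
  if (!iatOk) return "stale or future iat";
  const ev = claims.events;
  if (!ev || typeof ev[LOGOUT_EVENT] !== "object" || ev[LOGOUT_EVENT] === null) {
    return "missing logout event";
  }
  // A logout token must not carry a nonce, so an ID token cannot be replayed here.
  if ("nonce" in claims) return "nonce not allowed";
  if (typeof claims.sub !== "string" || claims.sub === "") return "missing sub";
  return null;
}

// Handler body: the HTTP status the logout endpoint would answer with,
// plus the number of local sessions that were ended.
function handleBackchannelLogout(claims, sessions, config) {
  const error = validateLogoutClaims(claims, config);
  if (error) return { status: 400, error, destroyed: 0 };
  return { status: 200, error: null, destroyed: sessions.destroyAll(claims.sub) };
}
```

A rejected token leaves the session index untouched, so a malformed or replayed notification cannot be used to log other users out.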