Closed zandbelt closed 4 years ago
I'll look at this when I'm back from town and has delta with #203 .
Do you set backchannel_logout_session_required=True while doing dynamic client registration?
OK, it seems it's something we should fix in pyOIDC but I can deal with it in oidctest for the time being. One way is just having the OP say backchannel_logout_session_supported=False :-/ But granted we want to allow backchannel_logout_session_supported=True then I can probably deal with this in the oidctest code.
Pushed a oidctest version that should fix this issue as well as #203. Bumped the version a notch to keep it apart from earlier version.
As I stated earlier to fix the general issue properly we will need to modify pyOIDC. I have applied a hack to oidctest that will fix your particular problem.
When executing
rp-backchannel-rpinitlogout
it appears that there's no sid in theid_token
but there's asid
in the logout_token. I'm believe that if thesid
is present in the logout token, it should have also been present in theid_token
, otherwise it should be omitted from both and the code should just rely onsub
.id_token:
logout_token: