openiddict / openiddict-core

Flexible and versatile OAuth 2.0/OpenID Connect stack for .NET
https://openiddict.com/
Apache License 2.0

Consider supporting backchannel logout #2175

Open kevinchalet opened 1 week ago

kevinchalet commented 1 week ago

Confirm you've already contributed to this project or that you sponsor it

Describe the solution you'd like

Multiple users recently expressed interest in backchannel logout support in OpenIddict.

It shouldn't be terribly complicated to implement, but it requires a new session entity/manager/store.

We also need to determine what the ASP.NET Core/ASP.NET Core Identity story will look like, as we'll need a stable, per-authentication session identifier that isn't reset when the authentication cookie is refreshed: when directly using the cookie handler, a simple GUID/random ID can easily be attached to the AuthenticationProperties bag, but it's a lot more complicated when the sign-in operation is triggered by ASP.NET Core Identity itself.

Note: there are still no plans to implement frontchannel logout support, as it has always been a clunky specification and no longer works for cross-domain communication due to the ban on third-party cookies enforced by most browser vendors.

Additional context

https://openid.net/specs/openid-connect-backchannel-1_0.html
https://openid.net/specs/openid-connect-frontchannel-1_0.html
https://openid.net/specs/openid-connect-session-1_0.html
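The stable per-session identifier described above, shown for the plain ASP.NET Core cookie handler (the simpler of the two cases the issue distinguishes). This is an added example, not OpenIddict project code or any API it ships: the `SessionTracking` class, the `sid` item key and the in-memory `RevokedSessions` dictionary are all assumptions standing in for the session entity/manager/store the issue says would be needed, and validation of the OIDC logout token that would trigger `RevokeSession` is not shown. It relies only on public ASP.NET Core types: the id is placed in `AuthenticationProperties.Items` at sign-in, where the cookie handler carries it unchanged through sliding-expiration refreshes, and `OnValidatePrincipal` rejects any cookie whose session id has since been revoked.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

var builder = WebApplication.CreateBuilder(args);
builder.Services
    .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        options.SlidingExpiration = true;
        // Runs on every authenticated request, including after a cookie refresh.
        options.Events.OnValidatePrincipal = SessionTracking.ValidateSessionAsync;
    });

var app = builder.Build();
app.UseAuthentication();

// Demo sign-in endpoint (constructed for this example): issues a cookie with a fresh session id.
app.MapGet("/login", async (HttpContext context) =>
{
    var identity = new ClaimsIdentity(CookieAuthenticationDefaults.AuthenticationScheme);
    identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, "user-123")); // constructed user id
    await SessionTracking.SignInWithSessionAsync(context, new ClaimsPrincipal(identity));
    return Results.Ok("signed in");
});

app.Run();

public static class SessionTracking
{
    // Key under which the per-session id is kept in the AuthenticationProperties bag (assumed name).
    public const string SessionIdKey = "sid";

    // Hypothetical store of session ids revoked through a backchannel logout; a real
    // implementation would persist this in the session store the issue describes.
    public static readonly ConcurrentDictionary<string, byte> RevokedSessions = new();

    // Signs the user in with a random session id. The cookie handler re-serializes the same
    // AuthenticationProperties on sliding renewal, so the id stays stable for the session's life.
    public static Task SignInWithSessionAsync(HttpContext context, ClaimsPrincipal principal)
    {
        var properties = new AuthenticationProperties { IsPersistent = true };
        properties.Items[SessionIdKey] = Guid.NewGuid().ToString("N");
        return context.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal, properties);
    }

    // Rejects cookies that carry no session id or whose session id has been revoked.
    public static Task ValidateSessionAsync(CookieValidatePrincipalContext context)
    {
        if (!context.Properties.Items.TryGetValue(SessionIdKey, out var sid)
            || string.IsNullOrEmpty(sid)
            || RevokedSessions.ContainsKey(sid))
        {
            context.RejectPrincipal();
            return context.HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
        }

        return Task.CompletedTask;
    }

    // To be called by a backchannel logout handler after it has validated the logout token
    // and extracted the session id it refers to (token validation is out of scope here).
    public static void RevokeSession(string sid) => RevokedSessions[sid] = 0;
}
```

Because the check runs in `OnValidatePrincipal`, revocation takes effect on the user's next request rather than waiting for the cookie to expire, which is the property a backchannel logout needs; the trade-off is a store lookup per request, which is why the issue calls for a dedicated session store rather than a process-local dictionary.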

kevinchalet commented 1 week ago

Note: as part of https://github.com/openiddict/openiddict-core/pull/2174, the logout endpoint exposed by the server stack was renamed to end-session endpoint, which will avoid any confusion with the backchannel logout endpoint we'll need to implement in the client stack if we decide to support this feature.