Open jameshbarton opened 2 years ago
...actually maybe an even more concrete question - when the /logout is configured in Gloo, does that implementation also call the revocation_endpoint (and/or end_session.. one) from the IdP as well? Or should there be a page somewhere behind the /logout which should call the revocation_endpoint (and end_session...) itself?
In our case, we use ForgeRock for IdP. The "well known" endpoints for it include:
"end_session_endpoint": "https://.....forgeblocks.com:443/am/oauth2/realm1/connect/endSession",
"revocation_endpoint": "https://.....forgeblocks.com:443/am/oauth2/realm1/token/revoke",
Does Gloo hit these endpoints, or do we need to?
Thanks!
Hey @sebastian-popa, the /logout endpoint should take care of session cleanup without you providing any extra application-level code.
This issue has been marked as stale because of no activity in the last 180 days. It will be closed in the next 180 days unless it is tagged "no stalebot" or other activity occurs.
Describe the requested changes
Expand our OAuth/OIDC docs to describe how token revocation in the identity provider is handled by Gloo Edge. Answer questions like:
Link to any relevant existing docs
Additional context
Internal customer discussion: https://solo-io.slack.com/archives/C02KABQFD0A/p1638370366077000