Call end_session_endpoint with ApplicationLogoutController for OpenID Connect client


Bruce

Sep 28, 2015, 11:09:46 AM
to pac4j-users
Hello,

I'm evaluating pac4j-play with Keycloak as an Identity Provider. In my SecurityModule I configure an OidcClient with Keycloak's discovery URI. The end_session_endpoint is part of the OpenID discovery metadata; however, I didn't see a way to configure the ApplicationLogoutController to hit this endpoint. Was the intention to not provide this functionality? Maybe I'm missing something.


thanks,
Bruce

Jérôme LELEU

Sep 28, 2015, 1:33:08 PM
to Bruce, pac4j-users
Hi,

The ApplicationLogoutController is meant to terminate the web session locally (client side), but indeed, there is a wider topic about logout (happening on server side). It has not been addressed yet, even if it's tracked: https://github.com/pac4j/pac4j/issues/54. It could work by adding some logout(profile, webContext) method to the Client interface. It needs to be thought through carefully.

For now, the OidcProfile has the ID token which could be used to create the logout request to send to your identity provider. So I guess you can develop it on your own.

We could start working on this in pac4j v1.9 (next version). Any input / code share will be appreciated.

Thanks.
Best regards,
Jérôme
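
One way to build the logout request described in the reply above, from the ID token and the end_session_endpoint read from discovery metadata. This is an added example using only the JDK; it is not pac4j's API and not code from either poster. The parameters id_token_hint, post_logout_redirect_uri and state come from the OpenID Connect logout specifications; the class name, URLs and token are constructed placeholders, and reading the raw ID token from the OidcProfile is left to the caller.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.StringJoiner;

/** Hypothetical helper: builds the browser redirect for logout at the identity provider. */
public class OidcLogoutUrl {

    /** Random value the provider echoes back; keep it in a short-lived cookie and compare on return. */
    static String newState() {
        byte[] buf = new byte[16];
        new SecureRandom().nextBytes(buf);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
    }

    static URI build(URI endSessionEndpoint, String idToken, URI postLogoutRedirect, String state) {
        // Refuse to send the ID token anywhere but an absolute https URL without a fragment.
        if (!"https".equalsIgnoreCase(endSessionEndpoint.getScheme())
                || endSessionEndpoint.getFragment() != null) {
            throw new IllegalArgumentException("end_session_endpoint must be https, no fragment");
        }
        if (idToken == null || idToken.isEmpty()) {
            throw new IllegalArgumentException("ID token required for id_token_hint");
        }
        // The endpoint may already carry a query string; keep it and append ours.
        StringJoiner query = new StringJoiner("&");
        if (endSessionEndpoint.getRawQuery() != null) query.add(endSessionEndpoint.getRawQuery());
        query.add("id_token_hint=" + enc(idToken));
        query.add("post_logout_redirect_uri=" + enc(postLogoutRedirect.toString()));
        query.add("state=" + enc(state));
        String base = endSessionEndpoint.toString().split("\\?", 2)[0];
        return URI.create(base + "?" + query);
    }

    static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8); // Charset overload needs Java 10+
    }

    public static void main(String[] args) {
        // Constructed sample values; the real endpoint comes from the discovery document.
        URI endpoint = URI.create("https://idp.example.org/logout");
        URI back = URI.create("https://app.example.org/loggedOut");
        System.out.println(build(endpoint, "constructed.id.token", back, newState()));
    }
}
```

Terminate the local web session first, then send the browser to the returned URI; the post_logout_redirect_uri generally has to be registered for the client at the identity provider.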


