Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support for Back-Channel Logout #1087

Open
schjonhaug opened this issue Aug 23, 2024 · 0 comments
Open

Support for Back-Channel Logout #1087

schjonhaug opened this issue Aug 23, 2024 · 0 comments

Comments

@schjonhaug
Copy link

schjonhaug commented Aug 23, 2024

Is your feature request related to a problem you're having? Please describe.
The current SDK does not support a direct back-channel logout mechanism for OpenID Connect 1.0. This limitation makes it difficult to securely log out users across multiple Relying Parties (RPs) without depending on the User Agent. The reliance on front-channel logout methods can lead to inconsistencies and potential security vulnerabilities, as the User Agent may not reliably propagate logout requests to all RPs.

Describe the solution you'd like
I would like the SDK to include support for a direct back-channel logout mechanism for OpenID Connect 1.0. This would allow the SDK to facilitate secure and consistent communication between the OpenID Provider (OP) and the Relying Parties (RPs) during logout events, without involving the User Agent. Implementing this feature would enhance the reliability and security of the logout process in applications using the SDK.

Describe alternatives you've considered
An alternative is to continue using the existing front-channel logout mechanism within the SDK, where the User Agent is used to relay logout requests from the OP to the RPs. However, this approach is less secure and can result in unreliable logout behavior, especially in cases where the User Agent does not effectively communicate the logout request to all RPs.

Additional context
Adding support for a back-channel logout mechanism in the SDK would align with the security standards of OpenID Connect, offering developers a more robust tool for managing user sessions. This feature would ensure a more reliable and secure logout process across multiple RPs, which is essential for maintaining high security and user trust in applications built with the SDK.

Cross-posted to the iOS SDK.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant