Skip to content

oidc: add support for validating back-channel logout tokens#486

Merged
ericchiang merged 1 commit into
coreos:v3from
ericchiang:ericchiang/backchannel-logout
Jun 17, 2026
Merged

oidc: add support for validating back-channel logout tokens#486
ericchiang merged 1 commit into
coreos:v3from
ericchiang:ericchiang/backchannel-logout

Conversation

@ericchiang

Copy link
Copy Markdown
Collaborator

This PR adds support for OpenID Connect Back-Channel Logout, where a relying party can receive a POST request from an identity provider indicating a user's sessions should be revoked.

Because so much of this logic replicates the ID Token claims checks, the API has been added to the existing IDTokenVerifier with a new VerifyLogout method to go with the existing Verify method.

A full example app that has been tested against Auth0's Back-Channel logout support is added to examples.

https://openid.net/specs/openid-connect-backchannel-1_0.html

Fixes #251
Fixes #211
Fixes #458

This PR adds support for OpenID Connect Back-Channel Logout, where a
relying party can receive a POST request from an identity provider
indicating a user's sessions should be revoked.

Because so much of this logic replicates the ID Token claims checks, the
API has been added to the existing IDTokenVerifier with a new
VerifyLogout method to go with the existing Verify method.

A full example app that has been tested against Auth0's Back-Channel
logout support is added to examples.

https://openid.net/specs/openid-connect-backchannel-1_0.html
@ericchiang ericchiang merged commit 4204f0b into coreos:v3 Jun 17, 2026
2 checks passed
@ericchiang ericchiang deleted the ericchiang/backchannel-logout branch June 17, 2026 22:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Logout support Logout Token Validation Support?

1 participant