Description
Describe the bug
I am trying to make the Back-Channel Logout work with an OIDC client registered with an id_token_signed_response_alg of ES512 but when my OP send the POST request to the client app, I get a com.nimbusds.jose.proc.BadJOSEException: Signed JWT rejected: Another algorithm expected, or no matching key(s) found exception.
It looks like during the Back-Channel logout flow, the previously defined JwtDecoderFactory is not used to decode the Logout Token.
The Back-Channel logout works just fine when the client application is configured with an id_token_signed_response_alg of RS256 (default algorithm) and the custom JwtDecoderFactory removed.
I am using Spring Security 6.4.0-SNAPSHOT because some things weren't implemented in 6.3.
To Reproduce
Use a back-channel logout with an id_token_signed_response_alg different from RS256 (which is the default)
Expected behavior
The expected behaviour would be to have the back-channel logout work using the same id_token_signed_response_alg as the one for the login process, that was already customized.