Client logout without logging completely out of the IDP

Question

Client logout without logging completely out of the IDP

kdudley21 opened this issue 6 months ago · comments

kdudley21 commented 6 months ago

Confirm you've already contributed to this project or that you sponsor it

I confirm I'm a sponsor or a contributor

Version

5.1.0

Question

Is there a way to log a user out of a specific application/client without logging them completely out of the IDP ?

Kévin Chalet · Answer 1 · Wed Feb 07 2024 06:09:10 GMT+0800 (China Standard Time)

Is there a way to log a user out of a specific application/client without logging them completely out of the IDP ?

Nope, backchannel logout is not currently supported (and frontchannel logout is a dead feature due to the ban of third-party cookies in recent browsers).

What's your scenario?

kdudley21 · Answer 2 · Wed Feb 07 2024 06:15:14 GMT+0800 (China Standard Time)

Thanks !

This isnt currently required but lets say a user is authenticated in application A and application B. The user logs out of application A but wants to stay logged into application B.

The more I think about it the user would still be logged into application B by default since it has already performed the authentication process. So I think I'm good and I am just overthinking scenarios.

Kévin Chalet · Answer 3 · Wed Feb 07 2024 06:32:59 GMT+0800 (China Standard Time)

The more I think about it the user would still be logged into application B by default since it has already performed the authentication process.

Ah yeah, most clients keep a local session that is independent from the IdP session (typically, by simply using an authentication cookie): clearing your session from client B doesn't affect client A.

kdudley21 · Answer 4 · Wed Feb 07 2024 07:38:29 GMT+0800 (China Standard Time)

Yep! Thanks again for all your help!