Skip to content

feat(oxauth): add client_id parameter support to /end_session #1862

New issue
Jump to bottom
New issue
Jump to bottom
Closed
Closed
feat(oxauth): add client_id parameter support to /end_session#1862
Assignees
yuriyz
Labels
enhancementlibs update, re-factroring, etc.
Milestone
 
4.5.2
@yuriyz

Description

@yuriyz
yuriyz
opened on Aug 28, 2023

Describe the issue

feat(oxauth): add client_id parameter support to /end_session

Support: 11416

Motivation

Corner case is when session is expired and grant object is expired (or revoked) and AS is not able to identify client.

Obviously if AS can't identify client (due to missed session and id_token_hint) it falls back to global validation via clientWhiteList and allowPostLogoutRedirectWithoutValidation=true.

If we want to avoid global clientWhiteList question is still the same, how AS should figure out client if session and id_token_hint is not there ?

One possible solution is to pass client_id explicitly, so AS will do following:

  1. get client from session
  2. if no session -> get client from id_token_hint
  3. if grant object for id_token_hint is not there -> take client by client_id.
  4. client_id parameter is just an idea, it's not supported however it can be implemented.

Metadata

Assignees

Labels

enhancementlibs update, re-factroring, etc.

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions