Description
Expected Behavior
According to the OIDC spec, the RP-initiated global logout request method could be POST or GET. But currently, the framework doesn't support the POST method.
OpenID Providers MUST support the use of the HTTP GET and POST methods defined in RFC 7231 [RFC7231] at the Logout Endpoint. RPs MAY use the HTTP GET or POST methods to send the logout request to the OP. If using the HTTP GET method, the request parameters are serialized using URI Query String Serialization. If using the HTTP POST method, the request parameters are serialized using Form Serialization.
Current Behavior
The OIDC global logout request seems only to support the GET request method in org.springframework.security.oauth2.client.oidc.web.logout.OidcClientInitiatedLogoutSuccessHandler.
Context
My question is: Is there any plan to support this, or are there any suggestions on implementing this in production code? Thanks.
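One way to send the logout request with POST and Form Serialization, as an added example that is not part of the original issue and not Spring Security's own code: a custom `LogoutSuccessHandler` renders a self-submitting form aimed at the OP's `end_session_endpoint`, which keeps `id_token_hint` out of the query string. The class name `OidcPostLogoutSuccessHandler` and the redirect fallback are hypothetical. The example assumes Spring Security 6 (`jakarta.servlet`), Java 16+, and a client registration built from issuer discovery so that `end_session_endpoint` is present in its configuration metadata.

```java
import java.io.IOException;
import java.util.Map;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.web.util.HtmlUtils;

// Hypothetical handler (not part of Spring Security): sends the RP-initiated
// logout request to the OP with HTTP POST and Form Serialization.
public class OidcPostLogoutSuccessHandler implements LogoutSuccessHandler {
    private final ClientRegistrationRepository registrations;
    private final String postLogoutRedirectUri; // must be registered at the OP

    public OidcPostLogoutSuccessHandler(ClientRegistrationRepository registrations, String postLogoutRedirectUri) {
        this.registrations = registrations;
        this.postLogoutRedirectUri = postLogoutRedirectUri;
    }

    @Override
    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException {
        Object endpoint = null;
        if (authentication instanceof OAuth2AuthenticationToken token
                && token.getPrincipal() instanceof OidcUser) {
            ClientRegistration reg = registrations.findByRegistrationId(token.getAuthorizedClientRegistrationId());
            endpoint = reg == null ? null : reg.getProviderDetails().getConfigurationMetadata().get("end_session_endpoint");
        }
        if (endpoint == null) { // not an OIDC login, or the OP advertises no logout endpoint
            response.sendRedirect(request.getContextPath() + "/");
            return;
        }
        String idToken = ((OidcUser) authentication.getPrincipal()).getIdToken().getTokenValue();
        Map<String, String> params = Map.of("id_token_hint", idToken, "post_logout_redirect_uri", postLogoutRedirectUri);
        StringBuilder html = new StringBuilder("<!DOCTYPE html><html><body onload=\"document.forms[0].submit()\">")
                .append("<form method=\"post\" action=\"").append(HtmlUtils.htmlEscape(endpoint.toString())).append("\">");
        params.forEach((name, value) -> html.append("<input type=\"hidden\" name=\"").append(name)
                .append("\" value=\"").append(HtmlUtils.htmlEscape(value)).append("\"/>"));
        html.append("<noscript><button type=\"submit\">Log out</button></noscript></form></body></html>");
        response.setContentType("text/html;charset=UTF-8");
        response.setHeader("Cache-Control", "no-store"); // the page carries the ID token
        response.getWriter().write(html.toString());
    }
}
```

Register it with `http.logout(logout -> logout.logoutSuccessHandler(...))`. If the application sets a Content-Security-Policy that forbids inline script, the `onload` submit will not run and the page falls back to the visible button unless the policy allows it.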