feat: revoke consent by session id. trigger back channel logout. #2844
This pull request introduces a feature to revoke consent by session id and an option to trigger back channel logout.
Use case:
6.1 Logout provider performs
PUT /oauth2/auth/requests/logout/reject
so that the user would remain logged in to Application B
6.2 Logout provider performs
DELETE /oauth2/auth/sessions/consent?subject=user1&client=applicationA&login_session_id=session1&trigger_backchannel_logout=true
so that the user would be logged out from application A (just in case application A did not terminate its session locally before redirecting to Hydra logout endpoint)
Current situation: application A consent from session 1 and session 2 is revoked; backchannel logout is not triggered.
Proposed solution: application A consent only from session 1 is revoked; backchannel logout is triggered.
Triggering backchannel logout is a separate feature and can be used without login_session_id or with all=true parameter.
Related issue(s)
#2666
Checklist
introduces a new feature.
contributing code guidelines.
vulnerability. If this pull request addresses a security vulnerability, I
confirm that I got green light (please contact
[email protected]) from the maintainers to push
the changes.
works.
Further Comments
Tests and documentation will be committed after initial acceptance of the proposed feature.