
What is the method to log out a user in node-oidc-provider without revoking grants?

asked 2022-07-24 11:00:00 +0000

lalupa


1 Answer


answered 2022-01-11 13:00:00 +0000

david

To log out a user in node-oidc-provider without revoking grants, you can use the Front-Channel Logout (FCL) mechanism provided by the OpenID Connect specification. This allows the client application to notify the IDP that the user has been logged out, without the IDP having to revoke any grants.

To implement FCL in node-oidc-provider, you need to first enable it in your configuration by setting the features.frontchannelLogout property to true. Then, you need to add a route to your application that can receive POST requests from clients that contain a logout_token parameter.

When a user logs out of the client application, it should initiate a GET request to the IDP's authorize endpoint with the prompt=logout parameter. This will trigger the IDP to generate a logout token and redirect the user back to the client application's logout URL with the logout token as a query parameter.

The client application should then POST the logout token to the FCL route on the IDP's server, which will trigger the IDP to broadcast a logout message to all clients that have active sessions with the same user. The clients can then either log out the user immediately or wait until the user initiates a new request and then log them out.

Note that FCL is not a foolproof mechanism, as it relies on the client application to initiate the logout process and may not work in all scenarios (e.g. if the user's browser crashes). In these cases, you may need to fall back to revoking grants as a more reliable way to log out the user.

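Added example (not part of the answer above and not node-oidc-provider's own code): in the OpenID Connect Front-Channel Logout 1.0 specification, the OP loads each client's frontchannel_logout_uri in an iframe with iss and sid query parameters, and the client ends only its matching local session. The handler below assumes the client registered with frontchannel_logout_session_required=true; the session store, URLs and sample values are constructed.

```javascript
// Added example: client-side (RP) handling of a Front-Channel Logout request.
// EXPECTED_ISSUER, the store layout and every sample value are constructed.
const EXPECTED_ISSUER = 'https://op.example.test';

// Local RP sessions keyed by the RP's own cookie value. Each one remembers the
// iss and sid claims of the ID Token it was created from.
function createSessionStore() {
  return new Map([
    ['cookie-a', { sub: 'alice', iss: EXPECTED_ISSUER, sid: 'sid-111' }],
    ['cookie-b', { sub: 'alice', iss: EXPECTED_ISSUER, sid: 'sid-222' }],
  ]);
}

// Handles GET <frontchannel_logout_uri>?iss=...&sid=... as loaded by the OP.
// It ends only the local session bound to that OP session and makes no call
// to the OP's revocation endpoint, so tokens and grants are left alone.
function handleFrontchannelLogout(requestUrl, sessionCookie, store) {
  const headers = { 'Cache-Control': 'no-store' }; // keep the response out of caches
  const params = new URL(requestUrl).searchParams;
  const iss = params.get('iss');
  const sid = params.get('sid');

  // Without iss and sid any page could embed this URL and force a logout
  // (logout CSRF), so such requests are rejected.
  if (!iss || !sid) return { status: 400, headers, loggedOut: false };

  const session = store.get(sessionCookie);
  if (!session) return { status: 200, headers, loggedOut: false }; // nothing to end

  // Act only when both values match what this session's ID Token carried.
  if (session.iss !== iss || session.sid !== sid) {
    return { status: 400, headers, loggedOut: false };
  }
  store.delete(sessionCookie);
  return { status: 200, headers, loggedOut: true };
}
```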


Last updated: Jan 11 '22