Can the Backchannel-Logout feature in IdentityServer 4 be used to reject a Logout-Token resulting in a bad request?

asked 2022-05-26 11:00:00 +0000

plato
56 ●5 ●5

edit retag flag offensive close merge delete

add a comment

1 Answer

Sort by » oldest newest most voted

answered 2021-04-09 00:00:00 +0000

scrum
21 ●2 ●2

Yes, the Backchannel-Logout feature in IdentityServer 4 can be used to reject a Logout-Token resulting in a bad request. When a Logout-Token is received, the validation of the token can be done, and if the token is invalid or if some required parameters are missing or incorrect, a bad request response can be sent back to the issuer. This ensures that only valid tokens are accepted, and helps to prevent any unauthorized or erroneous logout requests.

edit flag offensive delete link

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss

Add Answer

Question Tools

Stats

Asked: 2022-05-26 11:00:00 +0000

Seen: 15 times

Last updated: Apr 09 '21

Can the Backchannel-Logout feature in IdentityServer 4 be used to reject a Logout-Token resulting in a bad request? edit

1 Answer