Use-case: I need the authorization-server (Auth0) to notify a list of registered OAuth2 clients (server-side rendered UI and BFF) that a user session was terminated (logout event) to cascade this session invalidation to their own sessions.
Thanks for creating this feedback card! Make sure to upvote it so that it attracts as much attention from other users as possible. We review those feedback cards on a monthly basis and will get back to you as soon as we have any updates to share!
@konrad.sopala done. Hope this will be enough to attract attention from Auth0 product owners too as it is, as far as I could find from the doc, a missing OpenID feature.
I’m trying to implement the backchannel logout feature. Is there anyway to generate the logout_token for testing? Get a logout_token on the Dashboard>Application>Sessions page would be helpful.
Got some happy update for you. Our engineering team has this item in their backlog as part of our general access scopes. Once we have more public updates on that front I’ll make sure to relay it!
I am drafting Back-Channel Logout implementations for Spring webmvc and webflux OAuth2 clients. I’ll share it here as soon as the feature is available.
It contains implementations of client side Back-Channel Logout for both servlet and reactive applications.
Those implementations are activated by thin wrappers around spring-boot-starter-oauth2-client which come with other useful features (and are off course compatible with Boot 3 and Auth0).
I could try the Back-Channel Logout with Keycloak. Can’t wait to try it with Auth0 too.
We are interested in this feature. Could you please provide us with an estimated timeline for its implementation? Also, could you confirm whether it’s currently included in the project roadmap or is it still pending in the backlog?