Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others


0 votes
1.0k views
in Technique by (71.8m points)

single sign on - Okta backchannel logout for OIDC

I'm wanting to incorporate an OIDC sign in flow to my single page webapp through an Okta app.

However, I want the session of the user that signed in through Okta in my system to be tied to their Okta session (i.e. if they log out of Okta, or they lose access to my app in Okta, they will be logged out of my webapp).

It seems that backchannel logout is the way to achieve this with OIDC. Does Okta support backchannel logout?


As a side note, it appears that some Okta apps have figured out a way to do this already. For example, if I lose access to the Slack app in Okta, my Slack account is immediately frozen...so there is some kind of communication from Okta ---> Slack in that case. Maybe they are using SAML for that?



1 Answer

0 votes
by (71.8m points)

Back channel logout doesn't seem to be supported right now.

To achieve this behavior, you might have to make your app session rely on the Okta session. Your app session would be valid as long as the Okta session is valid. If the user wants to log out of the webapp, you might have to call delete /api/v1/session.
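
The approach in the answer (the app session stays valid only while the Okta session is), sketched as an added example that is not part of the original answer. It assumes Okta's Sessions API `GET /api/v1/sessions/me`, which is not the path the answer gives; `OKTA_ORIGIN`, `checkOktaSession`, `createSessionGuard` and `endAppSession` are hypothetical names.

```javascript
// Added example: tie an app session to the Okta session by polling Okta.
// Assumptions: Okta Sessions API "GET /api/v1/sessions/me" (200 = session
// exists, 404 = none); OKTA_ORIGIN and endAppSession are placeholders.
const OKTA_ORIGIN = "https://example.okta.com"; // placeholder org URL

// Ask Okta whether the browser still holds a live Okta session.
// Returns "active", "ended", or "unknown" (network or server trouble).
async function checkOktaSession(fetchImpl, origin = OKTA_ORIGIN) {
  try {
    const res = await fetchImpl(`${origin}/api/v1/sessions/me`, {
      credentials: "include", // send the Okta session cookie cross-origin
      headers: { Accept: "application/json" },
    });
    if (res.status === 404) return "ended";
    if (res.status !== 200) return "unknown";
    const body = await res.json();
    // Anything other than ACTIVE (e.g. MFA still pending) is not good enough.
    return body.status === "ACTIVE" ? "active" : "ended";
  } catch (_err) {
    return "unknown";
  }
}

// Guard that ends the app session once Okta reports the session gone, and
// fails closed after maxUnknown consecutive inconclusive checks.
function createSessionGuard({ fetchImpl, endAppSession, maxUnknown = 3 }) {
  let unknownStreak = 0;
  let ended = false;
  return async function tick() {
    if (ended) return "ended";
    const state = await checkOktaSession(fetchImpl);
    unknownStreak = state === "unknown" ? unknownStreak + 1 : 0;
    if (state === "ended" || unknownStreak >= maxUnknown) {
      ended = true;
      await endAppSession(); // e.g. clear tokens, call the app's logout route
      return "ended";
    }
    return state;
  };
}
```

In a browser, pass `window.fetch.bind(window)` as `fetchImpl` and call the returned `tick` on a timer and on tab focus. This check covers only the Okta session itself; it does not detect a user losing assignment to the app, which the question also asks about.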

