Implements https://openid.net/specs/openid-connect-backchannel-1_0.html

When --oidc-backchannel-logout is set (requires --session-store-type=redis), the proxy exposes POST /oauth2/backchannel-logout. The OIDC provider (e.g. Keycloak, Azure AD) can POST a signed logout_token to instantly revoke a user's session server-side without a browser redirect.

Changes:
- oauthproxy.go: BackChannelLogout handler; route registered only when the flag is set; validates logout_token JWT per spec §2.4 (nonce absence, backchannel-logout event, sid claim)
- pkg/apis/sessions/interfaces.go: BackChannelSessionStore interface with ClearBySID(ctx, sessionID) error
- pkg/apis/sessions/session_state.go: SessionID field (sid OIDC claim)
- pkg/sessions/persistence/manager.go: ClearBySID implementation and a secondary sid→ticketID index written on every Save
- pkg/sessions/persistence/manager_test.go: unit tests for ClearBySID
- pkg/sessions/tests/mock_store.go: CacheSize() helper for tests
- providers/provider_data.go: BackChannelLogoutSupported field
- providers/provider_data.go: extracts sid claim into SessionState on login
- providers/providers.go: wires oidcConfig.backChannelLogoutEnabled
- pkg/apis/options/providers.go: BackChannelLogoutEnabled option
- pkg/apis/options/legacy_options.go: --oidc-backchannel-logout flag
- oauthproxy_test.go: unit tests for the BackChannelLogout handler
- docs: back-channel logout section in keycloak_oidc.md and openid_connect.md

Signed-off-by: Antonio Aranda Hernández <aaranda@hortichuelas.es>

- docs
- src/css
- static
- versioned_docs
- versioned_sidebars
- .gitignore
- README.md
- babel.config.js
- docusaurus.config.js
- package.json
- sidebars.js
- versions.json

README.md
Website
This website is built using Docusaurus 2, a modern static website generator.
Installation
npm install
Local Development
npm start
This command starts a local development server and opens a browser window. Most changes are reflected live without having to restart the server.
Build
npm run build
This command generates static content into the build directory, which can be served using any static content hosting service.
Deployment
GIT_USER=<Your GitHub username> USE_SSH=true npm run deploy
If you are using GitHub Pages for hosting, this command is a convenient way to build the website and push to the gh-pages branch.