
Support for back-channel logout #71

Open
ashfame opened this issue Nov 22, 2022 · 1 comment

Comments


ashfame commented Nov 22, 2022

The OIDC spec defines a way to log out the user on the OIDC client when a logout happens on the provider side, i.e. the WordPress side in our instance.

Reference

Synapse also supports this.
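As an added example (not code from this plugin or from Synapse), this shows what the receiving OIDC client, the homeserver in this setup, has to check on a back-channel logout token before it can act on it, and which sessions the token maps to. The issuer, client id and session records are constructed assumptions, and the token's signature is assumed to have already been verified by a JWT library.

```python
import time

# Event type the OIDC Back-Channel Logout spec requires inside the "events" claim.
BACKCHANNEL_LOGOUT_EVENT = "http://schemas.openid.net/event/backchannel-logout"


def validate_logout_token(claims, expected_issuer, client_id, now=None, max_age=300, seen_jti=None):
    """Check the claims of an already signature-verified logout token.
    Returns a list of violations; an empty list means the token is acceptable."""
    now = time.time() if now is None else now
    errors = []
    if claims.get("iss") != expected_issuer:
        errors.append("iss mismatch")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        errors.append("aud does not contain client_id")
    iat = claims.get("iat")
    if not isinstance(iat, (int, float)) or iat > now + 60 or now - iat > max_age:
        errors.append("iat missing or outside acceptable window")
    jti = claims.get("jti")
    if not jti:
        errors.append("jti missing")
    elif seen_jti is not None and jti in seen_jti:
        errors.append("jti already seen (replay)")  # logout tokens are single-use
    events = claims.get("events")
    if not isinstance(events, dict) or not isinstance(events.get(BACKCHANNEL_LOGOUT_EVENT), dict):
        errors.append("events claim lacks the back-channel logout event")
    if "sub" not in claims and "sid" not in claims:
        errors.append("neither sub nor sid present")
    if "nonce" in claims:
        errors.append("nonce must not be present")  # distinguishes logout tokens from ID tokens
    return errors


def sessions_to_terminate(claims, sessions):
    """A sid targets one session; a bare sub targets every session of that user."""
    if "sid" in claims:
        return [s for s in sessions if s["sid"] == claims["sid"]]
    return [s for s in sessions if s["sub"] == claims["sub"]]


# Constructed sample data (hypothetical issuer, client id and homeserver sessions).
ISSUER, CLIENT_ID, NOW = "https://wordpress.example/", "matrix-client", 1_700_000_000
SESSIONS = [{"sub": "alice", "sid": "sess-1"}, {"sub": "alice", "sid": "sess-2"}, {"sub": "bob", "sid": "sess-3"}]
GOOD_TOKEN = {"iss": ISSUER, "aud": CLIENT_ID, "iat": NOW - 5, "jti": "evt-1",
              "events": {BACKCHANNEL_LOGOUT_EVENT: {}}, "sub": "alice", "sid": "sess-1"}
BAD_TOKEN = dict(GOOD_TOKEN, nonce="abc", jti="")
```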


ashfame commented Feb 27, 2023

2 problems identified:

  • Would only work for Synapse and not other homeservers
  • Can’t always reliably log out, since cookies can expire without a logout being processed

Homeserver support is less severe than it sounds since SSO is only supported (OIDC in our case) on Synapse, so somebody might be forced to use Synapse anyway.

If we make WordPress set the auth cookie expiration to a definite time, rather than expiring with the session, then we can schedule cron events to trigger the Matrix logout at that time. The execution time of these cron events is updated as the auth cookie expiration is extended.

Then there is also the question of goals/intention of the system as the user (site admin), so always processing a logout may not be desired. Hence, adding back-channel logout support isn't that fruitful at the moment.
