Front-Channel vs. Back-Channel Logout
Compare and contrast front-channel and back-channel logout strategies for effective session termination across different clients.
Logging Out in OIDC
Logging out of an application might seem simple. You click a button, and you're out. But in systems using OpenID Connect (OIDC) or OAuth 2.0, it's more complex.
A user often has a session with the Identity Provider (IdP) and potentially multiple client applications. A true logout means terminating all these related sessions.
The Single Logout Challenge
Single Logout (SLO) aims to log a user out of all connected applications when they initiate logout from just one. Sounds great, right?
The challenge is ensuring all clients, potentially across different domains, reliably receive and act on the logout request from the Identity Provider (IdP). This isn't always straightforward.