Hi everybody!
Is your feature request related to a problem? Please describe.
I am using Nextcloud with the Social Login App, which has a Keycloak (OpenID Connect) configured. When I log into Nextcloud using my SSO-Keycloak-Account, which is linked to a native Nextcloud account, everything is fine. If I then log out of my Keycloak account using other apps, my Nextcloud session stays alive (probably until the cookie expires...).
Keycloak supports a Logout URL for my Nextcloud OpenID Connect client, so I set it to https://cloud.example.com/logout. When I log out of my Keycloak account, Nextcloud's logout URL is called. Currently, this call fails with an "Access forbidden CSRF check failed" message.
Describe the solution you'd like
I want to have a static URL that I can call to force my current client to log out. In my opinion, I probably don't need CSRF checks for logout, so I would be fine with having a config option that disables CSRF checks on the logout route.
Describe alternatives you've considered
Manually logging out is not really an option, because I want to trust that all applications are logged out when I log out of SSO.
Additional context
None
Cheers,
Miroka