Back-channel Single Sign Out Support

Open kreintjes opened this issue 11 months ago • 0 comments

Hi, first of all thanks for the gem! I was wondering if the gem also supports the OpenID Connect back-channel sign out protocol: https://openid.net/specs/openid-connect-backchannel-1_0.html. I could implement this myself by building some controller action for it, but then I would need to perform lots of validations on the jwt_token. I believe many of these validations are already implemented in this gem, so it would be nice if it is possible to reuse that. Is this something that is supported now or can this be achieved somehow?

Since this gem is basically a Rack Middleware (if I understand correctly), I think it would be difficult to access the code of this gem (and the config for the OP defined in the strategy) from a custom controller. Is that correct?

If so, would it be possible to implement the back-channel sign out endpoint in this gem, which, when called with a valid token, will then execute some block defined in the strategy configuration? That way you would only need to configure the actions to be taken when single sign out is called successfully and all the (JWT) validations can be handled by the gem. Would something like that be possible?

kreintjes, Mar 14 '24 16:03
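The validations the issue refers to, sketched as an added example that is not code from omniauth_openid_connect or from the issue author. It follows the logout token checks in the Back-Channel Logout spec linked above and assumes the OP signs with RS256; the method names, `https://op.example` and `rp-client` are hypothetical.

```ruby
require "openssl"
require "json"
require "base64"

LOGOUT_EVENT = "http://schemas.openid.net/event/backchannel-logout"

# Returns the claims of a valid logout token and raises on any failure.
# issuer, client_id and public_key are the values the RP already trusts for ID tokens.
def validate_logout_token(token, issuer:, client_id:, public_key:, now: Time.now.to_i, skew: 60)
  parts = token.to_s.split(".", -1)
  raise ArgumentError, "not a compact JWS" unless parts.size == 3
  header, claims = parts.first(2).map { |p| JSON.parse(Base64.urlsafe_decode64(p)) }
  # Pin the algorithm on the RP side; never let the token choose it ("none", HMAC confusion).
  raise ArgumentError, "unexpected alg" unless header["alg"] == "RS256"
  sig = Base64.urlsafe_decode64(parts[2])
  unless public_key.verify(OpenSSL::Digest.new("SHA256"), sig, parts[0, 2].join("."))
    raise ArgumentError, "bad signature"
  end
  raise ArgumentError, "iss mismatch" unless claims["iss"] == issuer
  raise ArgumentError, "aud mismatch" unless Array(claims["aud"]).include?(client_id)
  iat, exp = claims.values_at("iat", "exp")
  raise ArgumentError, "iat missing or in the future" unless iat.is_a?(Numeric) && iat <= now + skew
  raise ArgumentError, "exp missing or passed" unless exp.is_a?(Numeric) && exp > now - skew
  raise ArgumentError, "sub or sid required" unless claims["sub"] || claims["sid"]
  events = claims["events"]
  raise ArgumentError, "not a logout event" unless events.is_a?(Hash) && events[LOGOUT_EVENT].is_a?(Hash)
  # A nonce is forbidden so that a logout token can never pass as an ID token.
  raise ArgumentError, "nonce must be absent" if claims.key?("nonce")
  raise ArgumentError, "jti required" unless claims["jti"].is_a?(String)
  claims # the caller should also reject a jti it has seen recently (replay)
end

# Constructed sample token signed with a throwaway key that stands in for the OP.
def sample_logout_token(key, overrides = {})
  enc = ->(obj) { Base64.urlsafe_encode64(JSON.generate(obj), padding: false) }
  t = Time.now.to_i
  claims = { "iss" => "https://op.example", "aud" => "rp-client", "iat" => t,
             "exp" => t + 120, "jti" => "abc123", "sid" => "session-1",
             "events" => { LOGOUT_EVENT => {} } }.merge(overrides)
  input = "#{enc.call({ "alg" => "RS256" })}.#{enc.call(claims)}"
  "#{input}.#{Base64.urlsafe_encode64(key.sign(OpenSSL::Digest.new("SHA256"), input), padding: false)}"
end
```

Only after this returns should the endpoint end the sessions matching `sid` (or all sessions for `sub`).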