Feature Request: Support End Session (and Generic External User-Agent requests) #374
Comments
|
Which version does AppAuth-Android plan to release user signout? |
|
We don't know, no-one has started the work yet. |
|
So till now the end session logout point has not been implemented for AppAuth-Android? My effort to make the call to the end sessions logout point is successful yet the application is still redirected into the application. Can you suggest an alternative till an actual fix is released? |
|
Hi guys , |
|
I see there has been some work and documentation on this. Is there any plan or roadmap for this? |
|
Thanks to @smokienko and a very long process there is a working end-session support solution as part of the library. Closing this topic for now, and let's pick it up with specific issues regarding the current implementation. |
NB. I don't personally have this requirement, creating this issue to serve as the canonical thread for this common feature request.
On AppAuth for iOS, we made two recent changes in support of the OpenID End Session (RP Logout) endpoint, as follows:
1/ Generalized the External User-Agent request logic
Previously we had just one external user-agent request, so all the APIs related to opening that request in the browser, and the various associated logic were specific to that one request. We generalized those APIs so as to support any external user-agent request, so now Authorization Request was just a specialization of that (enabling the End Session Request to be as well).
2/ Implemented the End Session logout endpoint.
We implemented the specification documented by Section 5 of Draft 28 of OpenID Connect Session Management 1.0. Note: be sure to use that document, as there are some out-dated, and duplicative drafts floating around (Front-Channel logout for example has duplicated, and out of sync, information).
The text was updated successfully, but these errors were encountered: