-
Notifications
You must be signed in to change notification settings - Fork 433
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Feature Request]: Adding logoff POST call #1575
Comments
This makes sense. We will added support for HTTPs POST logout Per default => POST ? |
Sounds good, thank you. |
We have not even started implementing it :), But it does make sense. We will provide appropriate methods. I think I can start on the weekend at the latest. Thanks! |
Thanks @FabianGosebrink |
The documents say that you can subscribe on logoff(), but it doesn't seem to be there anymore. Isn't the logoff() operation asynchronous since it interacts with the OIDC server? |
Where do the docs tell that you can subscribe to a logoff? Could not find it. Thanks. Yes it is asynchronous, but as you are getting redirected, we are doing this internally. Would you like to have got the observable passed out, so that you can subscribe to it? |
This would change the default behavior, as the default is GET now. |
Lets leave this default => GET set a new config, can use a POST good? |
Hi all,
since the OpenID specs https://openid.net/specs/openid-connect-rpinitiated-1_0.html say that
and some OpenID Providers expose also the POST endpoint, would be possible to add the possibility to call logoff with POST method, in a configurable way?
At the moment the call is always a GET (logoff-revocation.service.ts):
Our security office told us not to use the GET call for "security reasons". Basically it is a prudential position due to the fact that my company belongs to a bigger group. They claim that passing any kind of information in clear is somehow a potential threat to the security, even if the data passed is not critical.
Thank you in advance
Best regards
The text was updated successfully, but these errors were encountered: