Consider removing one level of the OIDC Backchannel Logout DSL #15817

Open
jzheaux opened this issue Sep 16, 2024 · 2 comments · May be fixed by #16698
Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement

jzheaux commented Sep 16, 2024

To activate OIDC Back-Channel Logout support in the DSL, an application does this:

http
    .oidcLogout((oidc) -> oidc.backChannel(Customizer.withDefaults())
    )

This could be simplified to:

http
   .oidcBackChannelLogout(Customizer.withDefaults())

This would place the logout DSL at the same level as other logout DSLs:

http
    .logout((logout) -> logout ...)
    .saml2Logout((saml2) -> saml2 ...)
    .oidcBackChannelLogout((oidc) -> oidc ...)

Also, it's less nesting which often makes the DSL more navigable.

This would mean deprecating the existing backChannel DSL method with the intent to remove in the next major version.

jzheaux added type: enhancement A general enhancement in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) labels Sep 16, 2024
jzheaux added this to the General Backlog milestone Sep 16, 2024

alswp006 commented Oct 1, 2024

Hi, I’d like to work on this issue. May I take it on?

jzheaux commented Oct 28, 2024

Hi, @alswp006! Yes, thanks for offering.

jzheaux modified the milestones: General Backlog, 6.5.x Oct 28, 2024
alswp006 added a commit to alswp006/spring-security that referenced this issue Mar 2, 2025
- Introduced a new HttpSecurity method: oidcBackChannelLogout(Customizer.withDefaults())
  to simplify OIDC Back-Channel Logout configuration.
- Modified OidcLogoutConfigurer: marked backChannel(Customizer<...>) as deprecated
  (since 6.2, forRemoval = true) and updated its JavaDoc to recommend using
  the new DSL method.
- Added tests (oidcBackChannelLogoutWhenDefaultsThenRemotelyInvalidatesSessions) to verify
  that the new DSL correctly registers OidcBackChannelLogoutFilter and invalidates sessions.

Closes spring-projectsgh-15817
Signed-off-by: Minje Kim <[email protected]>
jzheaux removed this from the 6.5.x milestone Apr 6, 2025
alswp006 added a commit to alswp006/spring-security that referenced this issue Apr 6, 2025
This commit introduces the new top-level DSL method
`oidcBackChannelLogout(Customizer<OidcLogoutConfigurer<HttpSecurity>>)` to simplify
OIDC Back-Channel Logout configuration. The new method creates an OidcLogoutConfigurer
internally and applies default back-channel configuration. Additionally, the deprecated
`backChannel(Customizer)` method in OidcLogoutConfigurer has been updated to include
the @since tag of 6.5, along with updated documentation recommending the use of the new DSL.

Closes spring-projectsgh-15817

Sorry for the delay – I was tied up with company work.