Consider supporting backchannel logout #2175
Description
Confirm you've already contributed to this project or that you sponsor it
- I confirm I'm a sponsor or a contributor
Describe the solution you'd like
Multiple users recently expressed interest for backchannel logout support in OpenIddict.
It shouldn't be terribly complicated to implement, but it requires a new session entity/manager/store.
We also need to determine what the ASP.NET Core/ASP.NET Core Identity story will look like, as we'll need a stable, per-authentication session identifier that isn't reset when the authentication cookie is refreshed: when directly using the cookie handler, a simple GUID/random ID can easily be attached to the AuthenticationProperties bag, but it's a lot more complicated when the sign-in operation is triggered by ASP.NET Core Identity itself.
Note: there's still no plans to implement frontchannel logout support as it has always been a clunky specification and no longer works for cross-domain communication due to the ban of third-party cookies enforced by most browser vendors.
Additional context
https://openid.net/specs/openid-connect-backchannel-1_0.html
https://openid.net/specs/openid-connect-frontchannel-1_0.html
https://openid.net/specs/openid-connect-session-1_0.html