Class SpringAddonsBackChannelLogoutBeans.BackChannelLogoutController

java.lang.Object
com.c4_soft.springaddons.security.oauth2.config.synchronised.SpringAddonsBackChannelLogoutBeans.BackChannelLogoutController
Enclosing class:
SpringAddonsBackChannelLogoutBeans

@Component
@RestController
public static class SpringAddonsBackChannelLogoutBeans.BackChannelLogoutController
extends Object

Handles a POST request containing a JWT logout token, sent as application/x-www-form-urlencoded, as specified in the Back-Channel Logout specification.

This end-point will:

  • remove the relevant authorized client (based on issuer URI) for the relevant user (based on the subject)
  • invalidate the user session, but only if the removed authorized client was the last one the user had
Author:
Jerome Wacongne ch4mp@c4-soft.com
  • Constructor Details

    • BackChannelLogoutController

      public BackChannelLogoutController(
          SpringAddonsOAuth2AuthorizedClientRepository authorizedClientRepository,
          org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository registrationRepo)
  • Method Details

    • backChannelLogout

      @PostMapping(path="/backchannel_logout", consumes="application/x-www-form-urlencoded")
      public org.springframework.http.ResponseEntity<Void> backChannelLogout(
          @RequestParam org.springframework.util.MultiValueMap<String,String> body)
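
The behaviour listed in the class description (remove the authorized client for the issuer and subject, then invalidate the session only if nothing is left) can be sketched as follows. This is an added example, not code from spring-addons: the class, record and method names are hypothetical, the session store is a plain in-memory map, and the claims are assumed to come from a logout token whose signature, audience and expiry were already verified. Requires Java 17 or later.

```java
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration with hypothetical names; not the spring-addons implementation.
public class BackChannelLogoutSketch {
    static final String LOGOUT_EVENT = "http://schemas.openid.net/event/backchannel-logout";

    record UserKey(String issuer, String subject) {}

    // session ID -> (issuer, subject) pairs that still hold an authorized client
    private final Map<String, Set<UserKey>> sessions = new ConcurrentHashMap<>();

    void authorize(String sessionId, String issuer, String subject) {
        sessions.computeIfAbsent(sessionId, k -> ConcurrentHashMap.newKeySet())
                .add(new UserKey(issuer, subject));
    }

    // Returns the IDs of the sessions invalidated by this logout token.
    List<String> backChannelLogout(Map<String, Object> claims) {
        // A logout token carries the back-channel logout event and never a nonce.
        if (!(claims.get("events") instanceof Map<?, ?> events) || !events.containsKey(LOGOUT_EVENT))
            throw new IllegalArgumentException("missing back-channel logout event");
        if (claims.containsKey("nonce"))
            throw new IllegalArgumentException("logout token must not contain a nonce");
        // Removal is keyed on issuer and subject, so this sketch requires both.
        if (!(claims.get("iss") instanceof String iss) || !(claims.get("sub") instanceof String sub))
            throw new IllegalArgumentException("iss and sub are required");
        UserKey key = new UserKey(iss, sub);
        List<String> invalidated = new ArrayList<>();
        sessions.forEach((sessionId, identities) -> {
            // Drop the authorized client; end the session only if it was the last one.
            if (identities.remove(key) && identities.isEmpty()) {
                sessions.remove(sessionId);
                invalidated.add(sessionId);
            }
        });
        return invalidated;
    }

    public static void main(String[] args) {
        var store = new BackChannelLogoutSketch();
        // Constructed sample data: session-A uses two providers, session-B only one.
        store.authorize("session-A", "https://idp1.example", "alice");
        store.authorize("session-A", "https://idp2.example", "alice-2");
        store.authorize("session-B", "https://idp1.example", "alice");
        Map<String, Object> claims = Map.of("iss", "https://idp1.example", "sub", "alice",
                "events", Map.of(LOGOUT_EVENT, Map.of()));
        System.out.println("Invalidated sessions: " + store.backChannelLogout(claims));
    }
}
```

With the constructed data, only session-B is invalidated; session-A loses its idp1 entry but survives because it still holds an authorized client from the second issuer.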