org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcBackChannelLogoutHandler

public final class OidcBackChannelLogoutHandler extends Object implements LogoutHandler

A LogoutHandler that locates the sessions associated with a given OIDC Back-Channel Logout Token and invalidates each one.

Since:

6.4

See Also:

Constructor Details
- OidcBackChannelLogoutHandler
  
  public OidcBackChannelLogoutHandler(OidcSessionRegistry sessionRegistry)
Method Details
- logout
  
  public void logout(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, Authentication authentication)
  
  Description copied from interface: LogoutHandler
  
  Causes a logout to be completed. The method must complete successfully.
  
  Specified by:
  
  logout in interface LogoutHandler
  
  Parameters:
  
  request - the HTTP request
  
  response - the HTTP response
  
  authentication - the current principal details
- setLogoutUri
  
  public void setLogoutUri(String logoutUri)
  
  Use this logout URI for performing per-session logout. Defaults to /logout since that is the default URI for LogoutFilter.
  
  Parameters:
  
  logoutUri - the URI to use
- setSessionCookieName
  
  public void setSessionCookieName(String sessionCookieName)
  
  Use this cookie name for the session identifier. Defaults to JSESSIONID.
  Note that if you are using Spring Session, this likely needs to change to SESSION.
  
  Parameters:
  
  sessionCookieName - the cookie name to use

Class OidcBackChannelLogoutHandler

Constructor Summary