Package org.springframework.security.config.web.server

Class ServerHttpSecurity.OidcLogoutSpec.BackChannelLogoutConfigurer

java.lang.Object
org.springframework.security.config.web.server.ServerHttpSecurity.OidcLogoutSpec.BackChannelLogoutConfigurer
Enclosing class:
ServerHttpSecurity.OidcLogoutSpec
public final class ServerHttpSecurity.OidcLogoutSpec.BackChannelLogoutConfigurer extends Object
A configurer for configuring OIDC Back-Channel Logout

  • Constructor Details

    • BackChannelLogoutConfigurer

      public BackChannelLogoutConfigurer()

  • Method Details

    • logoutUri

      public ServerHttpSecurity.OidcLogoutSpec.BackChannelLogoutConfigurer logoutUri(String logoutUri)
      Use this endpoint when invoking a back-channel logout.

      The resulting LogoutHandler will POST the session cookie and CSRF token to this endpoint to invalidate the corresponding end-user session.

      Supports URI templates like {baseUrl}, {baseScheme}, and {basePort}.

      By default, the URI is set to {baseScheme}://localhost{basePort}/logout, meaning that the scheme and port of the original back-channel request is preserved, while the host and endpoint are changed.

      If you are using Spring Security for the logout endpoint, the path part of this URI should match the value configured there.

      Otherwise, this is handy in the event that your server configuration means that the scheme, server name, or port in the Host header are different from how you would address the same server internally.

      Parameters:
      logoutUri - the URI to request logout on the back-channel
      Returns:
      the OidcLogoutConfigurer.BackChannelLogoutConfigurer for further customizations
      Since:
      6.2.4