Skip to content

Latest commit

 

History

History
76 lines (62 loc) · 3.22 KB

back-channel-logout.mdx

File metadata and controls

76 lines (62 loc) · 3.22 KB
title date sidebar redirect_from
BFF Back-Channel Logout Endpoint Extensibility
2022-12-29 10:22:12 +0200
label order
Back-Channel Logout
60
/bff/v2/extensibility/management/back-channel-logout/
/bff/v3/extensibility/management/back-channel-logout/
/identityserver/v5/bff/extensibility/management/back-channel-logout/
/identityserver/v6/bff/extensibility/management/back-channel-logout/
/identityserver/v7/bff/extensibility/management/back-channel-logout/

import { Aside, Code } from "@astrojs/starlight/components"; import { Tabs, TabItem } from "@astrojs/starlight/components";

The back-channel logout endpoint has several extensibility points organized into two interfaces. The IBackchannelLogoutEndpoint is the top-level abstraction that processes requests to the endpoint. This service can be used to add custom request processing logic or to change how it validates incoming requests. When the back-channel logout endpoint receives a valid request, it revokes sessions using the ISessionRevocationService.

In BFF V3, the `IBackchannelLogoutEndpoint` interface is called `IBackchannelLogoutService` instead.

Request Processing

You can customize the behavior of the back-channel logout endpoint by implementing the `ProcessRequestAsync` method of the `IBackchannelLogoutEndpoint` interface. The [default implementation][1] can serve as a starting point for your own implementation. 
    If you want to extend the default behavior of the back-channel logout endpoint, you can instead add a custom endpoint and
    call the original endpoint implementation:

    <Code
        lang="csharp"
        title="Program.cs"
        code={`

var bffOptions = app.Services.GetRequiredService<IOptions>().Value;

app.MapGet(bffOptions.BackChannelLogoutPath, async (HttpContext context, CancellationToken ct) => { // Custom logic before calling the original endpoint implementation var endpointProcessor = context.RequestServices.GetRequiredService(); await endpointProcessor.ProcessRequestAsync(context, ct); // Custom logic after calling the original endpoint implementation }); } /> </TabItem> <TabItem label="V3"> ProcessRequestAsyncis the top-level function called in the endpoint serviceDefaultBackchannelLogoutService`, and can be used to add arbitrary logic to the endpoint.

    For example, you could take whatever actions you need before normal processing of the request like this:

    <Code
        lang="csharp"
        code={`

public override Task ProcessRequestAsync(HttpContext context, CancellationToken ct) { // Custom logic here

return base.ProcessRequestAsync(context);

} `}/>

Session Revocation

The back-channel logout service will call the registered session revocation service to revoke the user session when it receives a valid logout token. To customize the revocation process, implement the ISessionRevocationService.