Added some logout support

Author: rohe

flask_rp/conf.yaml

@@ -34,12 +34,10 @@ http_params:
   #client_key: "certs/client.key"
 
 keydefs: &keydef
-  -
-    "type": "RSA"
+  - "type": "RSA"
     "key": ''
     "use": ["sig"]
-  -
-    "type": "EC"
+  - "type": "EC"
     "crv": "P-256"
     "use": ["sig"]
 
@@ -49,37 +47,46 @@ session_cookie_name: 'rp_session'
 preferred_url_scheme: 'https'
 
 rp_keys:
-    'private_path': 'private/jwks.json'
-    'key_defs': *keydef
-    'public_path': 'static/jwks.json'
-    # this will create the jwks files if they are absent
-    'read_only': False
+  'private_path': 'private/jwks.json'
+  'key_defs': *keydef
+  'public_path': 'static/jwks.json'
+  # this will create the jwks files if they are absent
+  'read_only': False
 
 client_preferences: &id001
-    application_name: rphandler
-    application_type: web
-    contacts: [[email protected]]
-    response_types: [code]
-    scope: [openid, profile, email, address, phone]
-    token_endpoint_auth_method: [client_secret_basic, client_secret_post]
+  application_name: rphandler
+  application_type: web
+  contacts:
+    - [email protected]
+  response_types:
+    - code
+  scope:
+    - openid
+    - profile
+    - email
+    - address
+    - phone
+  token_endpoint_auth_method:
+    - client_secret_basic
+    - client_secret_post
 
 services: &id002
-  discovery:
+  discovery: &disc
     class: oidcservice.oidc.provider_info_discovery.ProviderInfoDiscovery
     kwargs: {}
-  registration:
+  registration: &regist
     class: oidcservice.oidc.registration.Registration
     kwargs: {}
-  authorization:
+  authorization: &authz
     class: oidcservice.oidc.authorization.Authorization
     kwargs: {}
-  accesstoken:
+  accesstoken: &acctok
     class: oidcservice.oidc.access_token.AccessToken
     kwargs: {}
-  userinfo:
+  userinfo: &userinfo
     class: oidcservice.oidc.userinfo.UserInfo
     kwargs: {}
-  end_session:
+  end_session: &sess
     class: oidcservice.oidc.end_session.EndSession
     kwargs: {}
 
@@ -92,14 +99,31 @@ clients:
     client_preferences: *id001
     issuer: https://127.0.0.1:5000/
     jwks_uri: 'static/jwks.json'
-    redirect_uris: ['https://{domain}:{port}/authz_cb/flop']
-    services: *id002
+    redirect_uris:
+      - 'https://{domain}:{port}/authz_cb/flop'
+    post_logout_redirect_uris:
+      - "https://{domain}:{port}/session_logout"
+    frontchannel_logout_uri: "https://{domain}:{port}/fc_logout/flop"
+    frontchannel_logout_session_required: True
+    backchannel_logout_uri: "https://{domain}:{port}/bc_logout/flop"
+    backchannel_logout_session_required: True
+    services:
+      discovery: *disc
+      registration: *regist
+      authorization: *authz
+      accesstoken: *acctok
+      userinfo: *userinfo
+      end_session: *sess
     add_ons:
       pkce:
         function: oidcservice.oidc.add_on.pkce.add_pkce_support
         kwargs:
           code_challenge_length: 64
           code_challenge_method: S256
+#      status_check:
+#        function: oidcservice.oidc.add_on.status_check.add_status_check_support
+#        kwargs:
+#          rp_iframe_path: "templates/rp_iframe.html"
   bobcat:
     client_id: client3
     client_secret: 2222222222222222222222222222222222222222