Add front channel logout configs to oidc conf

Author: javorszky

internal/configs/oidc/oidc.conf

@@ -1,6 +1,7 @@
     # Advanced configuration START
     set $internal_error_message "NGINX / OpenID Connect login failure\n";
     set $pkce_id "";
+    set $idp_sid "";
     # resolver 8.8.8.8; # For DNS lookup of IdP endpoints;
     subrequest_output_buffer_size 32k; # To fit a complete tokenset response
     gunzip on; # Decompress IdP responses if necessary
@@ -79,6 +80,13 @@
         js_content oidc.logout;
     }
 
+    location = /front_channel_logout {
+        status_zone "OIDC logout";
+        add_header Cache-Control "no-store";
+        default_type text/plain;
+        js_content oidc.handleFrontChannelLogout;
+    }
+
     location = /_logout {
         # This location is the default value of $oidc_logout_redirect (in case it wasn't configured)
         default_type text/plain;

internal/configs/oidc/oidc_common.conf

@@ -20,13 +20,15 @@ proxy_cache_path /var/cache/nginx/jwk levels=1 keys_zone=jwk:64k max_size=1m;
 keyval_zone zone=oidc_id_tokens:1M     timeout=1h sync;
 keyval_zone zone=oidc_access_tokens:1M timeout=1h sync;
 keyval_zone zone=refresh_tokens:1M     timeout=8h sync;
+keyval_zone zone=oidc_sids:1M          timeout=8h sync;
 
 keyval $cookie_auth_token $session_jwt   zone=oidc_id_tokens;     # Exchange cookie for ID token(JWT)
 keyval $cookie_auth_token $access_token  zone=oidc_access_tokens; # Exchange cookie for access token
 keyval $cookie_auth_token $refresh_token zone=refresh_tokens;     # Exchange cookie for refresh token
 keyval $request_id $new_session          zone=oidc_id_tokens; # For initial session creation
 keyval $request_id $new_access_token     zone=oidc_access_tokens;
 keyval $request_id $new_refresh          zone=refresh_tokens; # ''
+keyval $idp_sid $client_sid              zone=oidc_sids;
 
 auth_jwt_claim_set $jwt_audience aud; # In case aud is an array
 js_import oidc from oidc/openid_connect.js;