nginx · javorszky · Sep 19, 2025 · Sep 26, 2025 · Sep 26, 2025 · Sep 26, 2025
@@ -1,6 +1,7 @@
     # Advanced configuration START
     set $internal_error_message "NGINX / OpenID Connect login failure\n";
     set $pkce_id "";
+    set $idp_sid "";
     # resolver 8.8.8.8; # For DNS lookup of IdP endpoints;
     subrequest_output_buffer_size 32k; # To fit a complete tokenset response
     gunzip on; # Decompress IdP responses if necessary
@@ -79,6 +80,13 @@
         js_content oidc.logout;
     }
 
+    location = /front_channel_logout {
+        status_zone "OIDC logout";
+        add_header Cache-Control "no-store";
+        default_type text/plain;
+        js_content oidc.handleFrontChannelLogout;
+    }
+
     location = /_logout {
         # This location is the default value of $oidc_logout_redirect (in case it wasn't configured)
         default_type text/plain;

@@ -20,6 +20,7 @@ proxy_cache_path /var/cache/nginx/jwk levels=1 keys_zone=jwk:64k max_size=1m;
 keyval_zone zone=oidc_id_tokens:1M     timeout=1h sync;
 keyval_zone zone=oidc_access_tokens:1M timeout=1h sync;
 keyval_zone zone=refresh_tokens:1M     timeout=8h sync;
+keyval_zone zone=oidc_sids:1M          timeout=8h sync;
 
 keyval $cookie_auth_token $session_jwt   zone=oidc_id_tokens;     # Exchange cookie for ID token(JWT)
 keyval $cookie_auth_token $access_token  zone=oidc_access_tokens; # Exchange cookie for access token