org.springframework.security.config.web.server.OidcBackChannelServerLogoutHandler

public final class OidcBackChannelServerLogoutHandler extends Object implements ServerLogoutHandler

A ServerLogoutHandler that locates the sessions associated with a given OIDC Back-Channel Logout Token and invalidates each one.

Since:

6.4

See Also:

Constructor Details
- OidcBackChannelServerLogoutHandler
  
  public OidcBackChannelServerLogoutHandler(ReactiveOidcSessionRegistry sessionRegistry)
Method Details
- logout
  
  public reactor.core.publisher.Mono<Void> logout(WebFilterExchange exchange, Authentication authentication)
  
  Description copied from interface: ServerLogoutHandler
  
  Invoked when log out is requested
  
  Specified by:
  
  logout in interface ServerLogoutHandler
  
  Parameters:
  
  exchange - the exchange
  
  authentication - the Authentication
  
  Returns:
  
  a completion notification (success or error)
- setLogoutUri
  
  public void setLogoutUri(String logoutUri)
  
  Use this logout URI for performing per-session logout. Defaults to /logout since that is the default URI for LogoutFilter.
  
  Parameters:
  
  logoutUri - the URI to use
- setSessionCookieName
  
  public void setSessionCookieName(String sessionCookieName)
  
  Use this cookie name for the session identifier. Defaults to JSESSIONID.
  Note that if you are using Spring Session, this likely needs to change to SESSION.
  
  Parameters:
  
  sessionCookieName - the cookie name to use

Class OidcBackChannelServerLogoutHandler

Constructor Summary