End Session Endpoint use case

[herks]

I have an internal web service that I would like users to log in to via OIDC. However, they will mostly be accessing the service from lab computers via a standard service user account. I want them to be able to log out so that the next user that uses the service will be forced to give their own IDP credentials.

Is the type of workflow that the the End Session Endpoint is for? Does it solve the older problem of being able to log back in, after logging out, without having the supply user credentials?

edit: Is End Session supported? I saw a PR, and didn't realize it wasn't merged.

[jricher]

It does look like what you're after is the end session functionality. If you take this as generic functionality, you'd still need to prompt the user to log out of the IdP as well. If you could flag the RP as "trusted" then you could potentially skip that confirmation step.

However, end session isn't implemented in this project yet.

[jricher]

Implemented in 1.3.1