Martin Knyazyan created SLING-13099:
---------------------------------------

             Summary: Adjust org.apache.sling.auth.oauth_client.impl.SlingUserInfoProcessorImpl's OSGi config to support storing ID tokens
                 Key: SLING-13099
                 URL: https://issues.apache.org/jira/browse/SLING-13099
             Project: Sling
          Issue Type: New Feature
          Components: Extensions
            Reporter: Martin Knyazyan


*The Issue:*
When implementing *RP-initiated logout*, Okta (and similar providers) 
requires the {{id_token_hint=<id_token>}} request parameter to successfully 
terminate the session on the IDP side.

*Technical Gap:*
Currently, {{org.apache.sling.auth.oauth_client.impl.SlingUserInfoProcessorImpl}} 
is only designed to store the {{access_token}} and {{refresh_token}} on the 
user node. Since the *ID token* is not persisted, we cannot retrieve it to 
complete the logout handshake OOTB.

*Improvement:*
We need a standardized process within the OIDC implementation to store and 
access *ID tokens* on the user node, similar to how access and refresh tokens 
are handled.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
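
For reference, an added example (not code from Sling or from the issue) of the request that OpenID Connect RP-Initiated Logout 1.0 defines, which is why the ID token has to be available at logout time. It is plain Java; the endpoint, redirect URI and token are constructed sample values, and {{buildLogoutUri}} and {{newState}} are hypothetical helper names.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.stream.Collectors;

public class RpInitiatedLogoutExample {

    /** Builds the end-session redirect; fails closed when no ID token was kept at login. */
    static URI buildLogoutUri(URI endSessionEndpoint, String idToken,
                              URI postLogoutRedirectUri, String state) {
        if (idToken == null || idToken.isBlank()) {
            // Without the token the IdP cannot tie the request to a session.
            throw new IllegalStateException("no stored ID token for id_token_hint");
        }
        Map<String, String> params = new LinkedHashMap<>();
        params.put("id_token_hint", idToken);              // previously issued ID token
        params.put("post_logout_redirect_uri", postLogoutRedirectUri.toString());
        params.put("state", state);                        // echoed back by the IdP
        String query = params.entrySet().stream()
                .map(e -> e.getKey() + "="
                        + URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8))
                .collect(Collectors.joining("&"));
        // Keep any query string the discovery document already put on the endpoint.
        String sep = endSessionEndpoint.getQuery() == null ? "?" : "&";
        return URI.create(endSessionEndpoint + sep + query);
    }

    /** Unguessable state value; the RP compares it when the browser returns. */
    static String newState() {
        byte[] raw = new byte[16];
        new SecureRandom().nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from any real deployment.
        String idToken = "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJ1c2VyMSJ9.c2lnbmF0dXJl";
        URI logout = buildLogoutUri(
                URI.create("https://idp.example.com/oauth2/v1/logout"),
                idToken,
                URI.create("https://app.example.com/logged-out"),
                newState());
        System.out.println(logout);
    }
}
```

The ID token carries the user's identity claims, so a stored copy needs the same access restrictions as the access and refresh tokens already kept on the user node.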
