[
https://issues.apache.org/jira/browse/SLING-13099?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18066777#comment-18066777
]
Martin Knyazyan commented on SLING-13099:
-----------------------------------------
PR pending for the same requirement:
[https://issues.apache.org/jira/projects/SLING/issues/SLING-13119|https://issues.apache.org/jira/projects/SLING/issues/SLING-13119?filter=allopenissues]
> OIDC: Adjust
> org.apache.sling.auth.oauth_client.impl.SlingUserInfoProcessorImpl's OSGi
> config to support storing ID tokens
> --------------------------------------------------------------------------------------------------------------------------
>
> Key: SLING-13099
> URL: https://issues.apache.org/jira/browse/SLING-13099
> Project: Sling
> Issue Type: New Feature
> Components: Extensions
> Reporter: Martin Knyazyan
> Priority: Minor
>
> *The Issue:*
> When implementing {*}RP-initiated logout{*}, Okta (and similar providers)
> requires the {{id_token_hint=<id_token>}} request parameter to successfully
> terminate the session on the IDP side.
> *Technical Gap:*
> Currently,
> *org.apache.sling.auth.oauth_client.impl.SlingUserInfoProcessorImpl* is
> designed to store the access_token and refresh_token on the user node. Since
> the *ID token* is not persisted, we cannot retrieve it to complete the logout
> handshake OOTB.
> *Improvement:*
> We need a standardized process within the OIDC implementation to store and
> access *ID tokens* on the user node, similar to how access and refresh tokens
> are handled.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
