Customize post_logout_redirect_uri validation in OIDC RP-initiated logout #1693
Context
In local development scenarios, some auth servers relax some specified constraints. For example, in Tanzu, we have use-cases where we remove redirect_uri validation in OAuth2AuthorizationCodeRequestAuthenticationProvider through the OAuth2AuthorizationCodeRequestAuthenticationProvider#setAuthenticationValidator hook.

Feature request
We want to turn off post_logout_redirect_uri validation in OidcLogoutAuthenticationProvider, but it is currently hardcoded.

We would like to have a similar #setAuthenticationValidator in OidcLogoutAuthenticationProvider. We are interested in the redirect URI validation, but maybe this extends to the client identity (e.g. aud claim).

Workaround
For our workaround, we have a custom OidcLogoutAuthenticationProvider that wraps around the original, and modifies the client registration (not great). We rely on our custom RegisteredClientRepository and RegisteredClient implementations:

Happy to contribute a PR if that's a valid use-case.
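
As an added illustration (not code from this issue or from Spring Authorization Server), the example below shows a pluggable post_logout_redirect_uri check in plain Java where the local-development rule accepts loopback URIs in addition to exact matches, instead of dropping validation entirely. All class, field and host names are hypothetical, and treating localhost as loopback is an assumption of the example.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Set;
import java.util.function.BiPredicate;

public class PostLogoutRedirectValidation {

    // Strict rule: the requested URI must exactly match a registered one.
    static final BiPredicate<Set<String>, String> STRICT =
            (registered, requested) -> registered.contains(requested);

    // Local-development rule (assumption of this example): exact match,
    // or a plain-http loopback URI on any port.
    static final BiPredicate<Set<String>, String> LOCAL_DEV =
            STRICT.or((registered, requested) -> isLoopback(requested));

    static boolean isLoopback(String requested) {
        try {
            URI uri = new URI(requested);
            String host = uri.getHost(); // IPv6 literals keep their brackets
            return "http".equals(uri.getScheme())
                    && uri.getUserInfo() == null   // rejects http://127.0.0.1@other.example/
                    && uri.getFragment() == null
                    && host != null
                    && (host.equals("127.0.0.1") || host.equals("[::1]")
                        || host.equals("localhost"));
        } catch (URISyntaxException e) {
            return false; // unparseable input is never a valid redirect target
        }
    }

    public static void main(String[] args) {
        // Constructed sample data, not taken from any real client registration.
        Set<String> registered = Set.of("https://app.example.com/logged-out");
        String[] requests = {
            "https://app.example.com/logged-out",
            "http://127.0.0.1:9000/logged-out",
            "http://[::1]:9000/logged-out",
            "http://127.0.0.1@other.example/",
            "http://localhost.other.example/",
            "https://other.example/"
        };
        for (String r : requests) {
            System.out.printf("%-40s strict=%-5b localDev=%b%n", r,
                    STRICT.test(registered, r), LOCAL_DEV.test(registered, r));
        }
    }
}
```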