Feature #21137
Updated by Peter Amstutz about 1 year ago
https://openid.net/specs/openid-connect-rpinitiated-1_0.html "An RP requests that the OP log out the End-User by redirecting the End-User's User Agent to the OP's Logout Endpoint. This URL is normally obtained via the end_session_endpoint element of the OP's Discovery response or may be learned via other mechanisms." When the user visits the /logout endpoint and endpoint, they should be redirected to @end_session_endpoint@ when OpenID Connect authentication is in use: * if the token looks like an OpenID connect token, try to invalidate it using ??? endpoint use. * return a redirect to @end_session_endpoint@