Support configuring Back-Channel Logout URLs for a Client #202
Codecov Report
Patch coverage:
Additional details and impacted files
@@ Coverage Diff @@
## main #202 +/- ##
=======================================
Coverage 94.99% 95.00%
=======================================
Files 38 38
Lines 7011 7023 +12
=======================================
+ Hits 6660 6672 +12
Misses 280 280
Partials 71 71
@@ -110,6 +110,9 @@ type Client struct { | |||
|
|||
// If `true` then the client will require Pushed Authorization Requests | |||
RequirePushedAuthorizationRequests *bool `json:"require_pushed_authorization_requests,omitempty"` | |||
|
|||
// URLs that are valid to call back from Auth0 for OIDC backchannel logout. | |||
OIDCBackchannelLogout *OIDCBackchannelLogout `json:"oidc_backchannel_logout,omitempty"` |
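Review bot: the doc comment on the added OIDCBackchannelLogout field says "URLs", but the field is a pointer to an OIDCBackchannelLogout struct whose definition is not part of this hunk, and the comment gives no hint that the API can reject the property when the feature is not enabled on the tenant. Suggest rewording it to describe the struct (for example `// OIDCBackchannelLogout holds the URLs Auth0 may call for OIDC back-channel logout.`) and adding a sentence that the feature has to be enabled on the tenant, so a caller who gets a rejection knows where to look. The pointer type with `omitempty` is the right choice here, since an unset value is left out of the request body entirely.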
What happens if a user tries to set this value but the tenant doesn't have the feature flag? Is it obvious what to do from the error message? If not, could we append some additional info here to alert the user that the feature flag needs to be enabled on the tenant until this is GAed?
Setting this property will return `Failed 400 Bad Request: Payload validation error: 'Additional properties not allowed: oidc_backchannel_logout`, but attempting to set `RequirePushedAuthorizationRequests` will return `403 Forbidden: The account is not allowed to perform this operation, please contact our support team.`
I'll look to update both of these to include a note around ensuring they are enabled.
Sounds good 👍🏻 we can do that in another PR then
🔧 Changes
Add support for configuring the Back-Channel Logout URLs on a Client
📚 References
🔬 Testing
Tested configuring manually as this feature is currently feature flagged.
📝 Checklist