express-openid-connect

    Interface BackchannelLogoutOptions

    Custom options to configure Back-Channel Logout on your application.

    interface BackchannelLogoutOptions {
        isLoggedOut?:
            | false
            | ((req: Request, config: ConfigParams) => boolean | Promise<boolean>);
        onLogin?:
            | false
            | ((req: Request, config: ConfigParams) => void | Promise<void>);
        onLogoutToken?: (
            decodedToken: object,
            config: ConfigParams,
        ) => void | Promise<void>;
        store?: SessionStore<Pick<SessionStorePayload<Session>, "cookie">>;
    }

    Properties

    isLoggedOut?:
        | false
        | ((req: Request, config: ConfigParams) => boolean | Promise<boolean>)

    When backchannelLogout is enabled, all requests that have a session will be checked for a previous Back-Channel logout. By default, this uses the sub and the sid (if available) from the session's ID token to look up a previous logout and logs the user out if one is found.

    You can override this to implement your own Back-Channel Logout logic (see https://github.com/auth0/express-openid-connect/tree/master/examples/examples/backchannel-logout-custom-genid.js or https://github.com/auth0/express-openid-connect/tree/master/examples/examples/backchannel-logout-custom-query-store.js).

    onLogin?: false | ((req: Request, config: ConfigParams) => void | Promise<void>)

    When backchannelLogout is enabled, upon successful login the SDK will remove any existing Back-Channel logout entries for the same sub, to prevent the user from being logged out by an old Back-Channel logout.

    You can override this to implement your own Back-Channel Logout logic (see https://github.com/auth0/express-openid-connect/tree/master/examples/examples/backchannel-logout-custom-genid.js or https://github.com/auth0/express-openid-connect/tree/master/examples/examples/backchannel-logout-custom-query-store.js).

    onLogoutToken?: (
        decodedToken: object,
        config: ConfigParams,
    ) => void | Promise<void>

    On receipt of a Logout Token, the SDK validates the token and then, by default, stores 2 entries: one by the token's sid claim (if available) and one by the token's sub claim (if available).

    If a session subsequently shows up with either the same sid or sub, the user is forbidden access and their cookie is deleted.

    You can override this to implement your own Back-Channel Logout logic (see https://github.com/auth0/express-openid-connect/tree/master/examples/examples/backchannel-logout-custom-genid.js or https://github.com/auth0/express-openid-connect/tree/master/examples/examples/backchannel-logout-custom-query-store.js).

    store?: SessionStore<Pick<SessionStorePayload<Session>, "cookie">>

    Used to store Back-Channel Logout entries. You can specify a separate store for this or reuse SessionConfigParams.store if you are already using one.

    The store should have get, set and destroy methods, making it compatible with express-session stores.
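
How the three hooks and the store fit together, as an added example that is not the SDK's own code or one of the linked examples. `MemoryLogoutStore`, `makeBackchannelLogoutHooks`, the `ttlMs` parameter and the key layout are assumptions made for illustration; the claims are read from `req.oidc.idTokenClaims`.

```javascript
// Constructed in-memory store with the get/set/destroy callback shape of
// express-session stores. Entries expire via cookie.expires.
class MemoryLogoutStore {
  constructor() { this.entries = new Map(); }
  get(key, cb) {
    const entry = this.entries.get(key);
    if (entry && entry.cookie.expires <= Date.now()) this.entries.delete(key);
    cb(null, this.entries.get(key) || null);
  }
  set(key, value, cb) { this.entries.set(key, value); cb(null); }
  destroy(key, cb) { this.entries.delete(key); cb(null); }
}

// Promise wrapper for the callback-style store methods.
const call = (store, method, ...args) =>
  new Promise((resolve, reject) =>
    store[method](...args, (err, val) => (err ? reject(err) : resolve(val))));

// Assumed key layout: issuer, claim name, claim value. Naming the claim keeps
// a sid from ever colliding with a sub that has the same string value.
const keysFor = ({ iss, sid, sub }) =>
  [['sid', sid], ['sub', sub]].filter(([, v]) => v).map(([k, v]) => `${iss}|${k}|${v}`);

function makeBackchannelLogoutHooks(store, ttlMs) {
  return {
    store,
    // Called with the already validated Logout Token: record sid and sub.
    async onLogoutToken(decodedToken) {
      const payload = { cookie: { expires: Date.now() + ttlMs, maxAge: ttlMs } };
      await Promise.all(keysFor(decodedToken).map((k) => call(store, 'set', k, payload)));
    },
    // Called for requests with a session: true means "log this session out".
    async isLoggedOut(req) {
      const hits = await Promise.all(
        keysFor(req.oidc.idTokenClaims).map((k) => call(store, 'get', k)));
      return hits.some(Boolean);
    },
    // Called after a successful login: drop the stale sub entry only, so the
    // sid entry keeps blocking the session that was actually logged out.
    async onLogin(req) {
      const { iss, sub } = req.oidc.idTokenClaims;
      await call(store, 'destroy', `${iss}|sub|${sub}`);
    },
  };
}
// Usage: auth({ ..., backchannelLogout: makeBackchannelLogoutHooks(new MemoryLogoutStore(), ttlMs) })
```

Choose `ttlMs` to be at least as long as the longest session lifetime, otherwise a logout entry can expire while the session cookie it should revoke is still valid.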