The project is in a healthy, maintained state
A Ruby implementation of OpenID Connect Backchannel Logout, as defined in the OpenID Connect Back-Channel Logout 1.0 specification.
 Dependencies

Runtime

~> 2.0
 Project Readme

OpenID Backchannel Logout

The OpenidBackchannelLogout gem offers an easy way to implement OpenID Connect Back-Channel Logout functionality in your Ruby on Rails application. It is designed to comply with the OpenID Connect Back-Channel Logout specification for client-side operations.

Gem: https://rubygems.org/gems/openid_backchannel_logout

If you notice any issues, feel free to let me know (^-^)

Features

  • Validates Logout Tokens according to the OpenID Connect specification.
  • Handles back-channel logout requests with minimal setup.
  • Rails generator for auto-creating controllers, routes, and initializers.
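
The claim checks that the Back-Channel Logout 1.0 specification asks a client to make on a Logout Token, as an added example that is not the gem's own code. It assumes the JWT signature has already been verified and the payload decoded into a Hash; validate_logout_claims, the max_age window and all sample values are hypothetical.

```ruby
# Added example: claim checks on an already signature-verified Logout Token.
# validate_logout_claims and the sample values are hypothetical, not the gem's API.
LOGOUT_EVENT = 'http://schemas.openid.net/event/backchannel-logout'

class InvalidLogoutToken < StandardError; end

# max_age (seconds) is an assumed local policy for how old or skewed iat may be.
def validate_logout_claims(claims, issuer:, audience:, now: Time.now.to_i, max_age: 300)
  raise InvalidLogoutToken, 'iss mismatch' unless claims['iss'] == issuer
  # aud may be a single string or an array of strings
  raise InvalidLogoutToken, 'aud mismatch' unless Array(claims['aud']).include?(audience)

  iat = claims['iat']
  raise InvalidLogoutToken, 'iat missing' unless iat.is_a?(Numeric)
  raise InvalidLogoutToken, 'iat outside accepted window' if (now - iat).abs > max_age
  # exp is enforced whenever the token carries one
  raise InvalidLogoutToken, 'expired' if claims['exp'].is_a?(Numeric) && claims['exp'] <= now

  # events must be an object whose backchannel-logout member is itself an object
  events = claims['events']
  unless events.is_a?(Hash) && events[LOGOUT_EVENT].is_a?(Hash)
    raise InvalidLogoutToken, 'backchannel-logout event missing'
  end
  # A nonce marks an ID Token; rejecting it stops ID Tokens being accepted as Logout Tokens
  raise InvalidLogoutToken, 'nonce must not be present' if claims.key?('nonce')
  raise InvalidLogoutToken, 'jti missing' if claims['jti'].to_s.empty?

  sub = claims['sub']
  sid = claims['sid']
  raise InvalidLogoutToken, 'sub or sid required' if sub.to_s.empty? && sid.to_s.empty?
  [sub, sid]
end

# Constructed sample claims for a session-scoped logout (sid only, no sub)
def sample_claims(now = Time.now.to_i)
  {
    'iss' => 'https://idp.example.com',
    'aud' => 'my-client-id',
    'iat' => now,
    'jti' => 'constructed-jti-1',
    'sid' => 'constructed-session-1',
    'events' => { LOGOUT_EVENT => {} }
  }
end
```

Either sub or sid can come back nil, so the logout logic has to handle a token that names only a session as well as one that names only a user.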

Installation

Add the gem to your Gemfile:

gem 'openid_backchannel_logout'

Then install it:

bundle install

Basic Usage:

# in your controller

OpenidBackchannelLogout::Executor.new.call(request) do |sub, sid|
  Rails.logger.info("Logging out user with sub: #{sub}, sid: #{sid}")
  # TODO: Implement the logic to logout the user
end

Or you can use the generators described below.

Generators

1. Setup Configuration

Run the gem's generator to set up the configuration, controller, and routes:

rails generate openid_backchannel_logout:install

This will:

Create an initializer at config/initializers/openid_backchannel_logout.rb:

OpenidBackchannelLogout.configure do |config|
  config.issuer = ENV.fetch('OIDC_ISSUER', '') # OpenID Provider
  config.audience = ENV.fetch('OIDC_CLIENT_ID', '') # Your Client ID
end

Set the required environment variables in your application:

  • OIDC_ISSUER: The OpenID Provider's URL (e.g., https://idp.example.com).
  • OIDC_CLIENT_ID: The Client ID registered with the OpenID Provider.

Create a controller at app/controllers/api/internal/backchannel_logouts_controller.rb:

module Api
  module Internal
    class BackchannelLogoutsController < ActionController::API
      def create
        OpenidBackchannelLogout::Executor.new.call(request) do |sub, sid|
          Rails.logger.info("Logging out user with sub: #{sub}, sid: #{sid}")
          # TODO: Implement the logic to logout the user
        end

        render plain: 'Logout successful', status: :ok
      rescue StandardError => e
        Rails.logger.error("Backchannel logout error: #{e.message}")
        render plain: e.message, status: :bad_request
      end
    end
  end
end

You can customize the create action to define how your application should log out users based on sub (subject identifier) or sid (session ID).

Add a route to config/routes.rb:

namespace :api, defaults: { format: 'json' } do
  namespace :internal do
    resource :backchannel_logout, only: :create
  end
end

Note: You can customize it in any way you like.

Testing

bundle exec rspec

If you are integrating the gem into your application, you can also test the generated routes and controller by simulating logout requests.

License

The gem is available as open source under the terms of the MIT License.