backchannel_logout_session_supported does not work correctly

refers to com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata.java

Currently backchannel_logout_session_supported can only be true if frontchannel_logout_supported is true.

The reason are the following lines:

if (op.frontChannelLogoutSupported && jsonObject.get("backchannel_logout_session_supported") != null)
op.backChannelLogoutSessionSupported = JSONObjectUtils.getBoolean(jsonObject, "backchannel_logout_session_supported");

‌

I think the following would be correct:

if (op.backChannelLogoutSupported && jsonObject.get("backchannel_logout_session_supported") != null)
op.backChannelLogoutSessionSupported = JSONObjectUtils.getBoolean(jsonObject, "backchannel_logout_session_supported");

‌

Comments (4)