This package currently doesn't implement logout token logic. It'd be helpful to know what providers implement this and what real-world use cases look like.

Ory Hydra implements OpenID Connect Back-Channel Logout 1.0 which has logout token logic.
For my use case, I follow the back-channel spec to implement remote logout feature(ex. use desktop webportal to logout mobile device).

Sorry, last time I gave an unusual example. I would like to update.
backchannel-logout is one of the features which support single-sign-out, the other one is frontchannel-logout.
If a browser has multiple RPs login, and after one RP requests logout, the server will emit backchannel-logout api to the rest of the RPs which are related with the authentication session(the cookie which helps achieve single-sign-on).

There are many oidc server implementation supports this feature. For example:

• ory-hydra
• node-oidc-provider
• connect2id

I know google's oidc server hasn't support this feature yet, but this project doesn't restrict its users to google's oidc service only, right?

To solve the logout validation problem I have already had solution based on this project, may I make contribution to here?

Since those specs are still a Draft we'd probably want to wait before adding new APIs to this package.

You should be able to use most of the Verify method to validate a logout token. Then use Claims() to pull out the events and sid claims. Does that satisfy your use case?

@ericchiang now that the spec is final, will the PR be reviewed or considered?

Hi @ericchiang. Learnt of the backchannel logout feature from this discussion knadh/listmonk#2143

+1 for #251