Adds ability to validate Logout token

[like-a-bause]

Adds the ability to validate a Logout Token according to https://openid.net/specs/openid-connect-backchannel-1_0.html

ericchiang:mod branch is already merged.

Closes #211

[archerbj]

Sorry to bother, may I ask when this will be merged?

[flo-mic]

@aspeteRakete do you have some insights why this PR is not merged?

[like-a-bause]

I think @ericchiang was concerned that backchannel logout is still in draft state. As can be seen in this comment: #211 (comment)

The last rev of the spec was published on August 7, 2020. But at least it is not listed as inactive.
For reference:
https://openid.net/specs/openid-connect-backchannel-1_0.html
https://openid.net/developers/specs/

[flo-mic]

Ah I see. Unfortunately it is two years ago since last update ☹️ and backchannel logout would be a huge security improvement from my perspective. Hope thy will finalize this soon.

Anyway, thanks for the PR 👍🏼. Would like to see it implemented

[like-a-bause]

You can of course use my fork if you want to use backchannel logout. Just updated the branch to contain the latest upstream changes.

[lus]

Is there any update on this?
As far as I am aware, this would not be a breaking change and would allow us to implement backchannel logout without having to rely on an unofficial fork.
Backchannel logout is widely supported by several IdPs, Keycloak would be a popular example.

[lwj5]

Is this PR moving forward? Looks like it's official https://openid.net/specs/openid-connect-backchannel-1_0.html
@ericchiang

[shkarface]

Since backchannel logout is official, I think this PR should be merged.

[FAUSheppy]

Any news here? Would greatly appreciate this critical feature.

[ruoibmt]

This is still desired

[marjus45]

Hey @ericchiang, since this is official https://openid.net/specs/openid-connect-backchannel-1_0.html, could you take a look on this PR? This blocks an important feature for oauth2-proxy oauth2-proxy/oauth2-proxy#1224