Expected Behavior
When using Spring Session with Spring Boot, I'd expect Back-Channel Logout to work out of the box. This would require a compatible OidcSessionRegistry in the application context.
Current Behavior
The only OidcSessionRegistry provided by Spring Security is InMemoryOidcSessionRegistry which isn't compatible with distributed OAuth2 clients.
Context
I'm using spring-cloud-gateway-mvc configured with oauth2Login, the TokenRelay= filter, and Back-Channel Logout. To achieve high availability of k8s deployments, I'd like to have a minimum of two instances running in parallel. Unfortunately, for now, Back-Channel Logout won't work in this configuration.
Expected Behavior
When using Spring Session with Spring Boot, I'd expect Back-Channel Logout to work out of the box. This would require a compatible
OidcSessionRegistryin the application context.Current Behavior
The only
OidcSessionRegistryprovided by Spring Security isInMemoryOidcSessionRegistrywhich isn't compatible with distributed OAuth2 clients.Context
I'm using
spring-cloud-gateway-mvcconfigured withoauth2Login, theTokenRelay=filter, and Back-Channel Logout. To achieve high availability of k8s deployments, I'd like to have a minimum of two instances running in parallel. Unfortunately, for now, Back-Channel Logout won't work in this configuration.