How to use GitHub
- Please use the 👍 reaction to show that you are affected by the same issue.
- Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
- Subscribe to receive notifications on status change and new comments.
Steps to reproduce
- Send a logout token without the exp claim through an IdP through Backchannel logout
Expected behaviour
The IdP should receive an HTTP/400 error since the exp claim is REQUIRED in the logout token. It should be validated as usual.
Actual behaviour
A success is yielded if the exp claim is missing from the logout token
Note
Discussed in #1432. This issue is for visibility and tracking. The exp claim is not made required yet since it would prevent LemonLDAP from logging out users through backchannel logout (upstream issue).
The commit 7fcb03d should be reverted when the issue is fixed upstream.
I'll update this issue when that is done.
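The check described in this issue, as an added example that is not this project's code: a claims validator for an already signature-verified back-channel logout token that answers 400 when exp is missing. The function name, its parameters, the `require_exp` switch (modelling the interim leniency mentioned in the note) and the sample claims are assumptions made for illustration.

```python
import time

# Event member name defined by OpenID Connect Back-Channel Logout 1.0.
BACKCHANNEL_EVENT = "http://schemas.openid.net/event/backchannel-logout"

def _is_number(value):
    return isinstance(value, (int, float)) and not isinstance(value, bool)

def validate_logout_claims(claims, issuer, client_id, now=None,
                           require_exp=True, leeway=60):
    """Check the claims of a logout token whose signature is already verified.

    Returns (http_status, reason). All names here are hypothetical.
    """
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        return 400, "iss mismatch"
    aud = claims.get("aud")
    audiences = [aud] if isinstance(aud, str) else aud if isinstance(aud, list) else []
    if client_id not in audiences:
        return 400, "aud mismatch"
    iat = claims.get("iat")
    if not _is_number(iat) or iat > now + leeway:
        return 400, "iat missing or in the future"
    if "exp" not in claims:
        # Interim behaviour from the issue: tolerate a missing exp only
        # when the caller explicitly opts out of the strict check.
        if require_exp:
            return 400, "exp missing"
    elif not _is_number(claims["exp"]) or claims["exp"] + leeway <= now:
        return 400, "exp invalid or expired"
    if not isinstance(claims.get("jti"), str) or not claims["jti"]:
        return 400, "jti missing"
    events = claims.get("events")
    if not isinstance(events, dict) or not isinstance(events.get(BACKCHANNEL_EVENT), dict):
        return 400, "backchannel-logout event missing"
    if "sub" not in claims and "sid" not in claims:
        return 400, "neither sub nor sid present"
    if "nonce" in claims:
        return 400, "nonce is prohibited in logout tokens"
    return 200, "ok"

# Constructed sample claims (not taken from any real IdP).
SAMPLE = {"iss": "https://idp.example", "aud": "client-1", "iat": 1_700_000_000,
          "exp": 1_700_000_120, "jti": "constructed-jti-1", "sid": "session-1",
          "events": {BACKCHANNEL_EVENT: {}}}
NO_EXP = {k: v for k, v in SAMPLE.items() if k != "exp"}
```

Replay protection (remembering seen jti values until their exp) is outside this sketch and depends on exp being present.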