[FEAT] Support Back-Channel logout based on client id(s)

[anderslauri]

Is your feature request related to a problem? Please describe.

The current implementation of back_channel is global for all clients which support back_channel - this is rather inflexible and we would like the ability to tune this more fine granular based on accepting logout request via LogoutProvider.

Describe the solution you'd like

When accepting logout request pass new (optional) attribute, e.g. naming would be aud - a set of client ids which is to be revoked on the RP-side. When attribute is not present existing functionality is kept - global. As the existing query only retrives matching clients with the sid present we can filter based on this inside of strategy_default.go. Yes, naturally modification of the query would be an alternative...

Describe alternatives you've considered

The alternative is we have a common back_channel logout endpoint for all RP where we do some kind of state matching to tune this more fine granular.

Additional context

N/A

[anderslauri]

Given an OK, I can provide the PR. However, perhaps I missed a part of the specification or reasoning to the existing implementation - hence this issue.

[aeneasr]

I think this would be a nice improvement :) PRs welcomed! Would be great if you could outline your high level plan first here in the issue, and then work on implementation - that helps to get things done faster and keeps code reviews smaller

[github-actions]

Hello contributors!

I am marking this issue as stale as it has not received any engagement from the community or maintainers a year. That does not imply that the issue has no merit! If you feel strongly about this issue

• open a PR referencing and resolving the issue;
• leave a comment on it and discuss ideas how you could contribute towards resolving it;
• leave a comment and describe in detail why this issue is critical for your use case;
• open a new issue with updated details and a plan on resolving the issue.

Throughout its lifetime, Ory has received over 10.000 issues and PRs. To sustain that growth, we need to prioritize and focus on issues that are important to the community. A good indication of importance, and thus priority, is activity on a topic.

Unfortunately, burnout has become a topic of concern amongst open-source projects.

It can lead to severe personal and health issues as well as opening catastrophic attack vectors.

The motivation for this automation is to help prioritize issues in the backlog and not ignore, reject, or belittle anyone.

If this issue was marked as stale erroneous you can exempt it by adding the backlog label, assigning someone, or setting a milestone for it.

Thank you for your understanding and to anyone who participated in the conversation! And as written above, please do participate in the conversation if this topic is important to you!

Thank you 🙏✌️