Interface GenerateLogoutTokenOptions

Options for generateLogoutToken (OIDC Back-Channel Logout 1.0).

interface GenerateLogoutTokenOptions {
    aud: string | string[];
    expiresIn?: number;
    includeSid?: boolean;
    issuer: string;
    keyStore: KeyStore;
    sid?: string;
    sub: string;
}

Index

Properties

aud expiresIn? includeSid? issuer keyStore sid? sub

Properties

`Readonly`aud

aud: string | string[]

Audience — the client_id of the RP receiving this logout_token.

`Optional` `Readonly`expiresIn

expiresIn?: number

TTL in seconds. Defaults to 300 (5 minutes) per Back-Channel Logout 1.0 best practice.

`Optional` `Readonly`includeSid

includeSid?: boolean

Whether to include the sid claim. Defaults to true for security — most RPs require sid to correlate the logout with their local session. Set to false only when the RP registered with backchannel_logout_session_required: false.

`Readonly`issuer

issuer: string

Issuer URL (MUST match the id_token iss claim for the session being logged out).

`Readonly`keyStore

keyStore: KeyStore

JWT signer.

`Optional` `Readonly`sid

sid?: string

Session identifier (MUST match the id_token sid claim when present).

`Readonly`sub

sub: string

Subject identifier of the user being logged out.

Interface GenerateLogoutTokenOptions

Index

Properties

Properties

`Readonly`aud

`Optional` `Readonly`expiresIn

`Optional` `Readonly`includeSid

`Readonly`issuer

`Readonly`keyStore

`Optional` `Readonly`sid

`Readonly`sub

Settings

On This Page

Interface GenerateLogoutTokenOptions

Index

Properties

Properties

Readonlyaud

Optional ReadonlyexpiresIn

Optional ReadonlyincludeSid

Readonlyissuer

ReadonlykeyStore

Optional Readonlysid

Readonlysub

Settings

On This Page

`Readonly`aud

`Optional` `Readonly`expiresIn

`Optional` `Readonly`includeSid

`Readonly`issuer

`Readonly`keyStore

`Optional` `Readonly`sid

`Readonly`sub