Confirm you've already contributed to this project or that you sponsor it
I confirm I'm a sponsor or a contributor
Describe the solution you'd like
Multiple users recently expressed interest in backchannel logout support in OpenIddict.
It shouldn't be terribly complicated to implement, but it requires a new session entity/manager/store.
We also need to determine what the ASP.NET Core/ASP.NET Core Identity story will look like, as we'll need a stable, per-authentication session identifier that isn't reset when the authentication cookie is refreshed: when directly using the cookie handler, a simple GUID/random ID can easily be attached to the AuthenticationProperties bag, but it's a lot more complicated when the sign-in operation is triggered by ASP.NET Core Identity itself.
Note: there are still no plans to implement frontchannel logout support as it has always been a clunky specification and no longer works for cross-domain communication due to the ban of third-party cookies enforced by most browser vendors.
Note: as part of #2174, the logout endpoint exposed by the server stack was renamed to end-session endpoint, which will avoid any confusion with the backchannel logout endpoint we'll need to implement in the client stack if we decide to support this feature.
Additional context
https://openid.net/specs/openid-connect-backchannel-1_0.html
https://openid.net/specs/openid-connect-frontchannel-1_0.html
https://openid.net/specs/openid-connect-session-1_0.html
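The "simple GUID/random ID attached to the AuthenticationProperties bag" case from the issue, sketched as an added example that is not OpenIddict code or the author's design. It assumes an ASP.NET Core minimal API project with implicit usings; the `.session_id` key, the routes and the in-memory revocation set (standing in for the session store the issue mentions) are hypothetical.

```csharp
// Added example, not OpenIddict code: SessionKey, routes and the revocation set are hypothetical.
using System.Collections.Concurrent;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;

const string SessionKey = ".session_id";
const string Scheme = CookieAuthenticationDefaults.AuthenticationScheme;
var revoked = new ConcurrentDictionary<string, bool>();

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddAuthentication(Scheme).AddCookie(options =>
{
    // Sliding renewal re-issues the cookie from the same ticket, so Items survive.
    options.SlidingExpiration = true;
    options.Events.OnValidatePrincipal = context =>
    {
        // Reject tickets with no session id or with a revoked one.
        if (!context.Properties.Items.TryGetValue(SessionKey, out var sid) ||
            string.IsNullOrEmpty(sid) || revoked.ContainsKey(sid))
        {
            context.RejectPrincipal();
        }
        return Task.CompletedTask;
    };
});

var app = builder.Build();
app.UseAuthentication();

// Constructed sign-in: credential validation is omitted, "alice" is sample data.
app.MapPost("/login", async (HttpContext http) =>
{
    var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, "alice") }, Scheme);
    var properties = new AuthenticationProperties();
    properties.Items[SessionKey] = Convert.ToHexString(RandomNumberGenerator.GetBytes(16));
    await http.SignInAsync(Scheme, new ClaimsPrincipal(identity), properties);
});

// Server-side logout: revoke the id so copies of the cookie stop validating.
app.MapPost("/logout", async (HttpContext http) =>
{
    var result = await http.AuthenticateAsync(Scheme);
    if (result.Succeeded && result.Properties!.Items.TryGetValue(SessionKey, out var sid) && sid is not null)
        revoked.TryAdd(sid, true);
    await http.SignOutAsync(Scheme);
});
app.Run();
```

This covers only the direct cookie-handler case; sign-ins triggered by ASP.NET Core Identity are the harder case the issue leaves open.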