Allow OIDC providers that do not support a RP-initiated logout
Problem to solve
Some OIDC providers do not support a RP-initiated logout specification and do not return an OpenID Connect well-known end_session_endpoint metadata property. The specific logout mechanisms of such OIDC providers only differ in how the logout URL query parameters are named.
Further details
Reported OIDC providers:
- dex https://dexidp.io/
- OpenUnison https://openunison.github.io/
Proposal
Allow the configuration of properties:
- quarkus.oidc.end-session-path
- quarkus.oidc.logout.post-logout-uri-param
- quarkus.oidc.logout.extra-params
Another proposal is to use the local logout which means that only the local session cookie is cleared, this might be the preferred option.
Testing
Acceptance Criteria
Allow OIDC login to to web console using one of the reported providers.