Improvements on OpenID Connect logout (id_token_hint, user consent, ...)
Looking at the specification at https://openid.net/specs/openid-connect-session-1_0.html, I am thinking about these improvements:
- An option to disable user consent, as the specification says "OP SHOULD ask the End-User whether he wants to log out of the OP as well" (it is a SHOULD, not a MUST).
- The possibility to use id_token_hint to find the user's active session when we are in backchannel logout (so in unauthenticated mode)
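
A sketch of the id_token_hint lookup the second item asks for, as an added example that is not part of the original post or of any project's code. Because the request arrives unauthenticated, the OP has to prove it issued the hint before trusting its `sid` or `sub`. `ISSUER`, `OP_KEY`, `SESSIONS` and all function names are hypothetical, and HS256 with a shared key is assumed only to keep the example standard-library-only.

```python
import base64, hashlib, hmac, json

ISSUER = "https://op.example.test"                    # constructed issuer
OP_KEY = b"constructed-demo-signing-key"              # assumption: HS256 key
SESSIONS = {"sid-123": {"sub": "alice", "client_id": "rp1"}}  # constructed store

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input, key):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def make_id_token(claims, key=OP_KEY):
    """Build a compact HS256 JWT (only used to create sample hints)."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{b64e(sign(head + '.' + body, key))}"

def session_from_hint(id_token_hint):
    """Return (sid, session) if the hint is ours and maps to a live session."""
    try:
        head, body, sig = id_token_hint.split(".")
        # Pin the algorithm: never let the token header choose it ("none", etc.).
        if json.loads(b64d(head)).get("alg") != "HS256":
            return None
        # Constant-time signature check before any claim is read.
        if not hmac.compare_digest(sign(head + "." + body, OP_KEY), b64d(sig)):
            return None
        claims = json.loads(b64d(body))
    except (ValueError, AttributeError):
        return None
    if not isinstance(claims, dict) or claims.get("iss") != ISSUER:
        return None
    # Assumption: "exp" is not enforced, since a hint sent at logout is often
    # an expired ID token; the session lookup below is what gates the logout.
    sid = claims.get("sid")
    session = SESSIONS.get(sid) if isinstance(sid, str) else None
    if session is None or session["sub"] != claims.get("sub"):
        return None
    aud = claims.get("aud")
    if session["client_id"] not in (aud if isinstance(aud, list) else [aud]):
        return None
    return sid, session
```

A hint that fails any check is treated as absent, so the request falls back to whatever the OP does for a logout without a hint.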