Backchannel Logout JWT validation with openid-client 6.*

[lsim91]

Hi guys,

Can't found in 6.* doc or exemple how to implement backchannel logout.

I've code a code like this with 5.* client :

  const validatedJWT = await client.validateJWT(
    logoutToken,
    client.id_token_signed_response_alg,
    ['iss', 'sub', 'aud', 'iat', 'sid', 'events']
  );

How could I validate the logout token with 6.* client ?

Many thanks,
Laurent

[panva]

FWIW in v5.x the validateJWT method is not documented, typed, and therefore not regarded as part of public API and I am not actively certifying for the oidc backchannel logout profile.

You can use the jose module to validate the assertion.