Skip to content
Duende Software Docs

BFF Back-Channel Logout Endpoint Extensibility

The back-channel logout endpoint has several extensibility points organized into two interfaces. The IBackchannelLogoutEndpoint is the top-level abstraction that processes requests to the endpoint. This service can be used to add custom request processing logic or to change how it validates incoming requests. When the back-channel logout endpoint receives a valid request, it revokes sessions using the ISessionRevocationService.

Request Processing

Section titled “Request Processing”

You can customize the behavior of the back-channel logout endpoint by implementing the ProcessRequestAsync method of the IBackchannelLogoutEndpoint interface. The default implementation can serve as a starting point for your own implementation.

If you want to extend the default behavior of the back-channel logout endpoint, you can instead add a custom endpoint and call the original endpoint implementation:

Program.cs
var bffOptions = app.Services.GetRequiredService<IOptions<BffOptions>>().Value;


app.MapGet(bffOptions.BackChannelLogoutPath, async (HttpContext context, CancellationToken ct) =>
{
  // Custom logic before calling the original endpoint implementation
  var endpointProcessor = context.RequestServices.GetRequiredService<IBackchannelLogoutEndpoint>();
  await endpointProcessor.ProcessRequestAsync(context, ct);
  // Custom logic after calling the original endpoint implementation
});

Session Revocation

Section titled “Session Revocation”

The back-channel logout service will call the registered session revocation service to revoke the user session when it receives a valid logout token. To customize the revocation process, implement the ISessionRevocationService.