What is the logout process with OAuth2?
Revoke a token? Remove it from storage? What about your backend?
We will try several options with different providers and explore many possibilities to see how to do a great and correct logout.
By the way, why could an incorrect logout process be a security issue with the French national employment agency?

We saw previously that OAuth2 servers (and OpenID Connect as well) operate as
authentication servers for web applications.
We also saw that we can open a door with a token, using the standards. Just a little hack
around the response.
Now we will see if we can replace Linux user management with an OAuth2 server. All
examples are made on a Raspberry Pi 2 running Raspbian.
We also add an authorization check using the please-open.it
authorization platform.