Skip to content

Incorrect documentation for OIDC Back-Channel Logout #15198

New issue
New issue
Closed
Closed
Incorrect documentation for OIDC Back-Channel Logout#15198
Assignees
jzheaux
Labels
in: docsAn issue in Documentation or samplestype: bugA general bug
Milestone
6.2.5
@aelillie

Description

@aelillie
aelillie
opened on Jun 4, 2024

Describe the bug
https://docs.spring.io/spring-security/reference/servlet/oauth2/login/logout.html states that you need a way listen to events published by Spring Security to remove old OidcSessionInformation entries, like so:

@Bean
public HttpSessionEventListener sessionEventListener() {
    return new HttpSessionEventListener();
}

However HttpSessionEventListener.java does not exist. It took me a while to figure out that what you need instead is an HttpSessionEventPublisher like so:

@Bean
public HttpSessionEventPublisher httpSessionEventPublisher() {
    return new HttpSessionEventPublisher();
}

Please update the documentation :) Thank you.

Metadata

Metadata

Assignees

Labels

in: docsAn issue in Documentation or samplestype: bugA general bug

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions