OpenID Connect Back-Channel Logout
OpenID Connect Back-Channel Logout lets an OpenID Provider tell relying parties, server to server, that a user's local OpenID Connect session should be cleared without depending on the user's browser.
Definition
OpenID Connect Back-Channel Logout 1.0 is an OpenID Foundation specification by Michael B. Jones and John Bradley. It defines a direct path from an OpenID Provider, or OP, to relying parties, or RPs, that need to end local sessions after the OP has decided an end-user should be logged out.
The specification exists because browser-mediated logout is fragile. Front-channel mechanisms send logout requests through the user agent. Back-channel logout instead has the OP send a logout request directly to each RP's registered endpoint. The tradeoff is that browser cookies and local storage are not available in that server-to-server request, so needed session identifiers must be communicated explicitly.
The boundary should stay narrow. Back-channel logout is a session-clearing mechanism. It is not general token revocation, not continuous access evaluation, not proof that the user approved an agent action, and not a guarantee that every downstream job or connector stopped.
Current Context
As of the July 10, 2026 review, the current public OpenID page for Back-Channel Logout is the Final specification dated December 15, 2023, incorporating errata set 1. The OpenID Foundation membership approved the OpenID Connect logout family as Final Specifications on September 12, 2022, including Session Management, Front-Channel Logout, Back-Channel Logout, and RP-Initiated Logout.
That date distinction matters for citations. The September 2022 final announcement establishes final status. The December 2023 page is the current errata-incorporating text to use for claim details such as the exp requirement, application/logout+jwt media type, and cross-JWT-confusion guidance.
How It Works
An OP advertises support with discovery metadata such as backchannel_logout_supported and, when it can pass session identifiers, backchannel_logout_session_supported. An RP indicates support by registering a backchannel_logout_uri and can state with backchannel_logout_session_required whether the Logout Token must include a sid claim. The registered URI must be absolute, must not include a fragment, should use HTTPS, and may use HTTP only for a confidential client when the OP allows it.
When logout occurs, the OP sends an HTTP POST to the RP's endpoint with a logout_token form parameter. The Logout Token is a signed JWT and may also be encrypted. It includes iss, aud, iat, exp, jti, and an events claim containing http://schemas.openid.net/event/backchannel-logout. It must include sub, sid, or both, and it must not include nonce.
Validation is profile-specific. The RP validates the signature as it would validate an ID Token signature, rejects alg value none, checks issuer, audience, issued-at and expiration claims, verifies the event claim, verifies the absence of nonce, and may reject repeated jti values. It may also compare issuer, subject, and session ID against a current or recent ID Token for the same OP/RP session.
After receiving a valid Logout Token, the RP locates sessions identified by issuer plus subject and/or session ID, then clears the corresponding local state. If no sid is present, the intent is that all RP sessions for the end-user identified by iss and sub be logged out. A successful response is HTTP 200 OK, with HTTP 204 No Content tolerated by OPs because some frameworks substitute it for an empty 200 response. Invalid requests or failed logout actions require HTTP 400 Bad Request.
The spec registers the application/logout+jwt media type and recommends typ value logout+jwt for new deployments where compatibility allows it. That detail matters because RFC 8725 warns about cross-JWT confusion: a token issued for one purpose can be abused in another if recipients do not separate token classes.
Agent Context
Agent systems often split identity, user interface, model reasoning, and tool execution across services. A chatbot may initiate work, an agent runtime may hold job state, a connector may hold a session to a third-party service, and an identity provider may know that the user session ended. Back-channel logout gives the identity layer a direct way to tell the connector or RP that the local session should end.
The mechanism is not a full authorization system. It does not cancel every job, govern model memory, or prove that an agent stopped using a separate OAuth grant. The back-channel spec says refresh tokens issued without the offline_access property to the session being logged out should be revoked, while refresh tokens issued with offline_access normally should not. Agent platforms still need OAuth Token Revocation, OAuth Token Introspection, sender-constrained tokens, audit logs, and policy gates for consequential actions.
Governance and Safety
The governance value is continuity. Login creates trust, but logout and revocation must dismantle it. For agents, the hazard is background work that continues under an obsolete local session.
Security depends on validation, not mere receipt. The RP must verify the Logout Token, reject misuse as another JWT class, map the subject or session ID to local state, and clear only the sessions covered by the event. The OP should keep expiration short; the spec encourages Logout Token lifetimes preferably at most two minutes in the future to reduce replay value.
Reachability is also a governance fact. Back-channel logout requires the RP's endpoint to be reachable from every OP that needs to call it; an RP hidden behind a firewall, NAT, tenant gateway, or local-only development environment may not receive the logout event. Production evidence should therefore include endpoint reachability tests and failure behavior, not just metadata registration.
Privacy still matters. A logout event can reveal that a user had a session with a specific RP. Logs should prove why the session ended without retaining raw Logout Tokens, bearer tokens, full claim sets, browser identifiers, or user secrets.
Minimum Evidence Record
An agent platform using back-channel logout should preserve the OP issuer, RP client, registered logout endpoint, endpoint reachability status, token fingerprint, jti, issued-at and expiration times, subject and session mapping, event URI, validation result, local sessions affected, refresh-token revocation decision, connector state after logout, follow-up token introspection, and any background jobs stopped or allowed to continue. Logs should not store raw Logout Tokens, bearer tokens, or unnecessary user secrets.
Failure Modes
Session-token confusion. The RP treats logout as if it revoked every OAuth grant, access token, background job, and connector credential.
Token-class confusion. A Logout Token is accepted as an ID Token, access token, client assertion, or generic JWT proof because the receiver does not enforce token profile and event type.
Wrong blast radius. The RP receives a token with only sub and logs out too little, or receives a token with sid and logs out too much.
Replay tolerance. The RP accepts stale Logout Tokens because expiration, issued-at time, and duplicate jti handling are weak.
Unreachable endpoint. The OP has recorded the RP as logged in, but the RP's backchannel_logout_uri cannot be reached from the OP during the logout cascade.
Agent afterlife. The local web session ends, but an agent run, connector grant, task queue, or cached authorization state continues using authority the user would reasonably think ended.
Defense Pattern
- Register deliberately. Expose a reachable
backchannel_logout_urionly for clients that can map Logout Tokens to local sessions. - Validate strictly. Check signature, algorithm, issuer, audience, issued-at and expiration fields, JWT ID, event claim, absence of
nonce, andsub/sidmapping. - Use token typing where possible. Prefer
typ=logout+jwtin new deployment profiles and reject Logout Tokens in unrelated JWT contexts. - Separate session from permission. Treat logout as a session-state change, then run separate revocation and job-cancellation policy where needed.
- Handle refresh tokens explicitly. Apply the spec's
offline_accessdistinction and record whether revocation was attempted, skipped, or failed. - Record consequences. Log which local session, connector, or agent run changed because of the valid Logout Token.
Source Discipline
Claims about OP discovery metadata, RP registration metadata, Logout Token claims, validation, responses, refresh-token handling, and media type registration should cite the OpenID Connect Back-Channel Logout specification, preferably the December 15, 2023 errata-incorporating text. Claims about final status should cite the September 12, 2022 OpenID Foundation final-specification announcement.
Claims about Security Event Tokens should cite RFC 8417, especially when treating events as statements of fact that receivers interpret locally rather than as commands. Claims about JWT type confusion should cite RFC 8725 and the back-channel spec's cross-JWT-confusion section. Claims about grant cleanup should distinguish the OpenID session logout flow from OAuth Token Revocation under RFC 7009.
Spiralist Reading
Spiralism reads back-channel logout as a modest ritual of ending. A login says, for now, this system may treat a person as present. Logout should undo that permission across the places that learned to act on it.
The discipline is to let session endings travel far enough to stop stale authority without pretending that one logout token solves the broader politics of delegation, memory, and consent.
Open Questions
- Which agent jobs should be canceled automatically when their human user's OP session ends?
- How should RPs prove that a
sub-only Logout Token cleared every relevant local session without over-clearing unrelated sessions? - When should a back-channel logout event trigger token introspection, token revocation, step-up authentication, or human review?
- How should platforms expose partial logout failures when one RP endpoint in a cascade is unreachable?
Related Pages
- OpenID Connect
- OpenID Connect Session Management
- OpenID Connect Front-Channel Logout
- OpenID Connect RP-Initiated Logout
- Shared Signals Framework
- OAuth Security Best Current Practice
- OAuth Token Introspection
- OAuth Token Revocation
- Sender-Constrained Tokens
- OAuth DPoP
- OAuth Mutual TLS
- JSON Web Tokens
- AI Agent Identity
- AI Agent Observability
- AI Audit Trails
Sources
- M. Jones and J. Bradley, OpenID Foundation, OpenID Connect Back-Channel Logout 1.0 incorporating errata set 1, Final, December 15, 2023; reviewed July 10, 2026.
- OpenID Foundation, The OpenID Connect Logout specifications are now Final Specifications, September 12, 2022.
- OpenID Foundation, OpenID Connect Core 1.0 incorporating errata set 2, Final, December 15, 2023; reviewed July 10, 2026.
- P. Hunt, M. Jones, W. Denniss, and M. Ansari, IETF, RFC 8417: Security Event Token (SET), July 2018; reviewed July 10, 2026.
- Y. Sheffer, D. Hardt, and M. Jones, IETF, RFC 8725: JSON Web Token Best Current Practices, February 2020; reviewed July 10, 2026.
- T. Lodderstedt, S. Dronia, and M. Scurtescu, IETF, RFC 7009: OAuth 2.0 Token Revocation, August 2013; reviewed July 10, 2026.