Open
Description
The current implementation relies on cookies for front-channel logout. As noted in the spec, this is increasingly problematic, as modern browsers will not send cookies with content in an iframe.
The solution is either to use back-channel logout (which my IdP does not support), or use the sid
parameter from the id-token as a session identifier, as is optional in the spec.
My feature request is that this oidc-implementation supports the sid
parameter for front-channel logout.