[OIDC] Session Management and Logout

Currently, AlekSIS as an OIDC Provider does not provide sufficient security regarding logouts. Relying Parties currently suggest to the user that they were logged out, while they are never actually logged out from AlekSIS, so subsequent logins to any connected platform will succeed without credentials.

AlekSIS should hence support the following OIDC features, if possible by implementing them in django-oauth-toolkit:

RP-Initiated Logout
OIDC Session Management
Front-Channel Logout or Back-Channel Logout

It might be possible that not all of these specs are required, or using only one makes more sense.

Edited Jul 24, 2024 by Nik | Klampfradler