We have a multitenant application with GD dashboards embedded as iframes. Our web app is also the OIDC provider - we don’t use a 3rd party OIDC service.
We have an issue where a user can log in to our web app under tenant A, and then they can see the embedded iframe containing tenant A’s data - when they view the iframe they are logged into our GD instance using OIDC.
The user can then sign out of our app (their GD session remains signed in, however). They then sign in to our app under tenant B. They then view the embedded iframe dashboard - but they still see tenant A’s dashboard because their GoodData session as tenant A is still signed in.
Does GD support OIDC backchannel logout? I think one solution would be - when a user logs out of our app - we send a backchannel logout to the GD instance as well.
I’m open to other suggestions as to how to ensure when a user jumps from one tenant to another we also invalidate their GD login session from the prior tenant.
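The back-channel logout idea from the question, as an added example that is not part of the original post and not GoodData's code: the logout token an OIDC provider would send when the tenant A session ends, and the checks a receiving relying party applies to it under OpenID Connect Back-Channel Logout 1.0. HS256 with a shared secret is an assumption made to keep the sketch standard-library only, and the function names are hypothetical.

```python
import base64, hashlib, hmac, json, time, uuid

# Assumption: HS256 with a shared secret keeps this stdlib-only; a provider would
# normally sign logout tokens with the same key and algorithm as its ID tokens.
# Event identifier defined by OpenID Connect Back-Channel Logout 1.0.
LOGOUT_EVENT = "http://schemas.openid.net/event/backchannel-logout"

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
def _mac(key, signing_input):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def make_logout_token(key, issuer, audience, sid, now=None):
    """Provider side: the logout_token POSTed to the RP's back-channel logout URI."""
    iat = int(time.time() if now is None else now)
    claims = {"iss": issuer, "aud": audience, "iat": iat, "exp": iat + 120,
              "jti": uuid.uuid4().hex, "sid": sid, "events": {LOGOUT_EVENT: {}}}
    body = _b64(json.dumps({"alg": "HS256"}).encode()) + "." + _b64(json.dumps(claims).encode())
    return body + "." + _b64(_mac(key, body))

def validate_logout_token(token, key, issuer, audience, seen_jti, now=None):
    """RP side: return (sub, sid) of the session to end, or raise ValueError."""
    try:
        head, body, sig = token.split(".")
        header, claims, sig = json.loads(_unb64(head)), json.loads(_unb64(body)), _unb64(sig)
        alg, events = header["alg"], claims.get("events")
    except Exception as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm and check the signature before trusting any claim.
    if alg != "HS256" or not hmac.compare_digest(sig, _mac(key, head + "." + body)):
        raise ValueError("bad signature")
    aud = claims.get("aud")
    if claims.get("iss") != issuer or audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong issuer or audience")
    if not isinstance(events, dict) or LOGOUT_EVENT not in events:
        raise ValueError("not a back-channel logout event")
    # nonce is prohibited so logout tokens and ID tokens cannot be confused.
    if "nonce" in claims or not (claims.get("sub") or claims.get("sid")):
        raise ValueError("nonce present, or neither sub nor sid")
    now = time.time() if now is None else now
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise ValueError("expired")
    jti = claims.get("jti")
    if not jti or jti in seen_jti:
        raise ValueError("missing or replayed jti")
    seen_jti.add(jti)
    return claims.get("sub"), claims.get("sid")
```

The returned `sid` lets the receiver end only the session that was opened under the previous tenant's login.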
Best answer by Jan Kos