OIDC: Backchannel logout not containing exp #16490
Description
Describe the bug
Some oidc clients require exp to be part of the backchannel logout message.
For example: Matrix Authentication Server
To Reproduce
Setup OIDC with Matrix Authentication Server.
Try Backchannel logout.
See the following in MAS logs:
WARN mas_handlers::upstream_oauth2::backchannel_logout:73 POST-8745 - invalid claims in logout token message.sources=[missing claim "exp"]
Expected behavior
OpenIDC backchannel logout should be compatible with most implementations and either include exp by default, or have an option to add it
Version and Deployment (please complete the following information):
- authentik version: v2025.8.1
- Deployment: docker-compose