It would be nice to be able to perform OAuth2 Logout in v5.8.x (same functionality as v6 offers in that regard: local/back-channel/client-initiated).

Background:

We have 3 "login capable" products that authenticate using Keycloak's deprecated adapter. Those 3 products are currently stuck on the Javax Servlet API due to other frameworks (one of those products is stuck due to a massive amount of Struts v1.2 code, so that will probably never be running on the Jakarta Servlet API or the new Spring libraries).

Side-note: The KC adapter has caused us a great deal of grief over the years, so we'd really like to jump on a plain Spring Security setup for this (and in our case the logout functionality is the only blocker).

I am aware that it is a bit arbitrary to request a feature backport for a single feature. So if there is not a case for this, it would be very helpful to get some good advice on how to proceed. I chose to make it a feature request, so others can chime in if they are/have been stuck in a similar situation.

I see that v5.8.x is being touted as a stepping stone for v6.x and was wondering if it would be a minor task to backport and maintain the OAuth2 Logout on top of that (not necessarily a Spring Security project) - I assume that it would be doable/viable, if the underlying concepts/code align to a certain degree across v5.8.x and v6.x - If it is necessary to come up with (and implement) most of it from scratch, then we will probably not be throwing developer resources at it.

Comment From: jzheaux

Hey, @cpoulsen-dezide, thanks for reaching out. Given that 5.8.x is offered as a release to facilitate upgrading to 6.x, there are no plans to add features to it.

That said, in the end it is a set of filters and components that you can copy from 6 and wire into your filter chain as a custom filter, so I imagine you could still borrow the Spring Security code without needing to write it yourself.