Logout token does not contains exp claim

[JonasFisch]

Preflight checklist

• I could not find a solution in the existing issues, docs, nor discussions.
• I agree to follow this project's Code of Conduct.
• I have read and am following this repository's Contribution Guidelines.
• I have joined the Ory Community Slack.
• I am signed up to the Ory Security Patch Newsletter.

Ory Network Project

No response

Describe the bug

When validating the logout token during backchannel logout process I noticed that the exp claim is not included in token. In the OpenIDConnect specs this claim is marked as required (https://openid.net/specs/openid-connect-backchannel-1_0.html#LogoutToken). I was wondering if this is intentional or if the claim is missing.

In the source code the exp claim is not included on token creation.

hydra/consent/strategy_default.go

Line 730 in 36f21d0

"events": map[string]struct{}{"http://schemas.openid.net/event/backchannel-logout": {}},

Reproducing the bug

I used docker compose to setup hydra locally. Then triggered the logout process.

Relevant log output

Relevant configuration

Version

v2.2.0

On which operating system are you observing this issue?

Linux

In which environment are you deploying?

Docker Compose

Additional Context

No response