From b3d63f4158691d0dc65791a8a1a4c16e965adf21 Mon Sep 17 00:00:00 2001
From: Denis Arnst <git@sapd.eu>
Date: Thu, 5 Feb 2026 19:35:50 +0100
Subject: [PATCH] Fix backchannel logout always returning 501

global.ServerSettings is a plain JSON object from toJSON(), so the
isOpenIDAuthSettingsValid getter was always undefined. Use
Database.serverSettings instead, matching the rest of the codebase.
---
 server/Auth.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/Auth.js b/server/Auth.js
index 0fb08e996..d4f77ae75 100644
--- a/server/Auth.js
+++ b/server/Auth.js
@@ -459,7 +459,7 @@ class Auth {
       if (!global.ServerSettings.authOpenIDBackchannelLogoutEnabled) {
         return res.status(501).json({ error: 'not_implemented' })
       }
-      if (!global.ServerSettings.authActiveAuthMethods.includes('openid') || !global.ServerSettings.isOpenIDAuthSettingsValid) {
+      if (!global.ServerSettings.authActiveAuthMethods.includes('openid') || !Database.serverSettings.isOpenIDAuthSettingsValid) {
         return res.status(501).json({ error: 'not_implemented' })
       }