AspNetCoreSecuritySamples | Samples for various ASP.NET Core Security Features | OAuth library

I'm working through building a prototype of an IdentityServer4-based process where I have an Angular SPA, a "Back-end for Front-end" (BFF) ASP.NET Core API, and a back-end API service (also ASP.NET Core) all interacting with a derivative of the https://demo.identityserver.io/ IdP.

My BFF and back-end API services are based on the samples found at "https://github.com/leastprivilege/AspNetCoreSecuritySamples/tree/aspnetcore3/BFF"

Everything is going pretty well until I try to create the scenario where the user chooses to logout from the IdP Logout page. The BFF service does not 'notice' the user's token and session has been revoked/removed until the tokens expire much later.

I suspect I should be using the process found in the sample https://github.com/IdentityServer/IdentityServer4/tree/main/samples/Clients/src/MvcHybridBackChannel where a cookie event handler in the BFF service implements ValidatePrincipal(CookieValidatePrincipalContext context) to make an explicit call to the IdP to verify the user's token on each request.

First question: is this the correct pattern to accomplish this? Or am I making this needlessly complex?

Second question: what is the method to ask the IdP "Is this session still valid?" (This seems like something that should be easy to do!)

Thank you in advance.