oidc-client-ts icon indicating copy to clipboard operation
oidc-client-ts copied to clipboard

Published 20 hours ago verified publisher icon authts

Question about id_token_hint

Open azerios opened this issue 3 years ago • 1 comments

Hello,

I'm working with ADFS and a react application, my back-end is doing the proxy between both by exposing login and logout urls.

I had the scope id_token_hint in my application and I don't see it in my front end.

So when I call the logout url like this : https:///adfs/oauth2/logout?id_token_hint=XXXXX&post_logout_redirect_uri=http://localhost:5080

I want to know if the id_token_hint is sent as parameter ?

Because my current behavior is that if the logout url is reached, all users are automatically logged in after the reconnexion and not asket to fill a popup with AD username and password. As my internal security team request, it's shouldn't be the case and the login step perform each time

Regards

azerios avatar Aug 05 '22 16:08 azerios

You can see if the id_token_hint is sent as parameter, when using your browser Dev window and watching the https requests in the network tab...

pamapa avatar Aug 23 '22 15:08 pamapa