oauth2-mock-server icon indicating copy to clipboard operation
oauth2-mock-server copied to clipboard

Published 20 hours ago verified publisher icon axa-group

Don't require `post_logout_redirect_uri`

Open meesvandongen opened this issue 2 years ago • 3 comments

Summary

The post_logout_redirect_uri is not required in the openid specification. https://openid.net/specs/openid-connect-rpinitiated-1_0.html#RPLogout ; However, the oauth2-mock-server checks for this anyway.

Desired solution

The post logout redirect uri is not checked.

Alternative solutions

make it configurable somehow.

meesvandongen avatar Feb 03 '23 10:02 meesvandongen

I was able to work around this by creating a custom endpoint:

const server = new OAuth2Server();
server.service.requestHandler.get(`/connect/endSession`, (req, res) => {
  server.service.emit("customBeforePostLogoutRedirect", req, res);
  res.status(204).end();
});
await server.issuer.keys.add(key);
await server.start(port, "0.0.0.0");

meesvandongen avatar Feb 08 '23 10:02 meesvandongen

Hi, I just ran into the exact same issue.

@meesvandongen could you reopen the issue? Even though you found a workaround I still belive this should be fixed within the library.

markbrockhoff avatar Aug 27 '24 09:08 markbrockhoff

Thanks @meesvandongen

markbrockhoff avatar Aug 27 '24 09:08 markbrockhoff