auth-module icon indicating copy to clipboard operation
auth-module copied to clipboard

Published 20 hours ago verified publisher icon nuxt-community

Redirect after logout with oAuth2 OpenID protocol

Open Dashboard-Community-Center opened this issue 4 years ago • 4 comments

First of all, thank you for your work! I had an issue with the MS OpenID protocol due to a wrong query parameters in my logout scheme. By default, auth-next redirect the user to the ADFS home page with the client_id and the logout_uri parameters. Using it, I was successfully logged out but I was not redirected to the home page of my application defined in the redirect.logout or logoutRedirectUri properties. In order to be properly redirected, I had to forked the library and modifed the distribution files (runtime.js and runtime.mjs) as follow

logout() {
  if (this.options.endpoints.logout) {
    let myToken = this.token.get()
    if (myToken.includes('Bearer')) {
      myToken = myToken.substring(7);
    }
    const opts = {
      post_logout_redirect_uri: this.logoutRedirectURI,
      id_token_hint: myToken
    };
    const url = this.options.endpoints.logout + "?" + encodeQuery(opts);
    window.location.replace(url);
  }
  return this.$auth.reset();
}

instead of

logout() {
  if (this.options.endpoints.logout) {
    const opts = {
      client_id: this.options.clientId + '',
      logout_uri: this.logoutRedirectURI
    }
    const url = this.options.endpoints.logout + '?' + encodeQuery(opts)
    window.location.replace(url)
  }
  return this.$auth.reset()
}

Clearly not the best approach but we had to deploy it asap. Please let me know if this is of interest to match the protocol described below. It is working on my side but I would rather bring it in the scope of your project.

https://docs.microsoft.com/en-us/answers/questions/60633/azure-ad-openid-connect-post-logout-redirect-uri-w.html

Dashboard-Community-Center avatar Jan 20 '21 00:01 Dashboard-Community-Center

Hi @Dashboard-Community-Center! Thank you for reporting this issue and sharing your code! There is a WIP PR #855 that will add Azure AD provider, and I believe we could add your logout method to it. :)

I'll talk to the PR author to check the status of the PR and I let you know when it is merged.

JoaoPedroAS51 avatar Jan 20 '21 01:01 JoaoPedroAS51

Hi @Dashboard-Community-Center! Thank you for reporting this issue and sharing your code! There is a WIP PR #855 that will add Azure AD provider, and I believe we could add your logout method to it. :)

I'll talk to the PR author to check the status of the PR and I let you know when it is merged.

Any update on the PR progress? Looks like it's been 8 months since it was raised. Comments seem to show that all work is completed. It would be great to use this as a provider! Thanks 🙌🏼

musayev-io avatar Sep 15 '21 21:09 musayev-io

Hi, I'm facing the same issue with PingOne. Their docs state that the name of the parameter should be post_logout_redirect_uri, see https://docs.pingidentity.com/bundle/pingone/page/vsa1585774811932.html. Looking at the spec at https://openid.net/specs/openid-connect-rpinitiated-1_0.html it does seem that this is the correct parameter name. Should this be fixed at the base framework level?

tnabil avatar Oct 19 '21 07:10 tnabil

Any development for this issue?

kalatchev avatar Apr 15 '23 15:04 kalatchev