Skip to content

Commit

Permalink
Honor params passed to logout over defaults
Browse files Browse the repository at this point in the history
  • Loading branch information
adamjmcgrath committed Nov 2, 2023
1 parent cc78f00 commit 239f4e1
Show file tree
Hide file tree
Showing 2 changed files with 50 additions and 3 deletions.
4 changes: 2 additions & 2 deletions lib/context.js
Original file line number Diff line number Diff line change
Expand Up @@ -324,9 +324,9 @@ class ResponseContext {

returnURL = client.endSessionUrl({
...config.logoutParams,
...params.logoutParams,
post_logout_redirect_uri: returnURL,
id_token_hint,
post_logout_redirect_uri: returnURL,
...params.logoutParams,
});
} catch (err) {
return next(err);
Expand Down
49 changes: 48 additions & 1 deletion test/logout.tests.js
Original file line number Diff line number Diff line change
Expand Up @@ -95,7 +95,7 @@ describe('logout route', async () => {
assert.include(
response.headers,
{
location: `https://op.example.com/session/end?post_logout_redirect_uri=http%3A%2F%2Fexample.org&id_token_hint=${idToken}`,
location: `https://op.example.com/session/end?id_token_hint=${idToken}&post_logout_redirect_uri=http%3A%2F%2Fexample.org`,
},
'should redirect to the identity provider'
);
Expand Down Expand Up @@ -297,6 +297,53 @@ describe('logout route', async () => {
assert.equal(url.hostname, 'foo.com');
});

it('should honor logout url arguments over logout params', async () => {
const router = auth({
...defaultConfig,
idpLogout: true,
routes: { logout: false },
});
server = await createServer(router);
router.get('/logout', (req, res) =>
res.oidc.logout({
logoutParams: { post_logout_redirect_uri: 'http://bar.com' },
})
);

const { jar } = await login();
const {
response: {
headers: { location },
},
} = await logout(jar);
const url = new URL(
new URL(location).searchParams.get('post_logout_redirect_uri')
);
assert.equal(url.hostname, 'bar.com');
});

it('should honor logout id_token_hint arguments over default', async () => {
const router = auth({
...defaultConfig,
idpLogout: true,
routes: { logout: false },
});
server = await createServer(router);
router.get('/logout', (req, res) =>
res.oidc.logout({
logoutParams: { id_token_hint: null },
})
);

const { jar } = await login();
const {
response: {
headers: { location },
},
} = await logout(jar);
assert.notOk(new URL(location).searchParams.get('id_token_hint'));
});

it('should ignore undefined or null logout params', async () => {
server = await createServer(
auth({
Expand Down

0 comments on commit 239f4e1

Please sign in to comment.