Support federated logout

[molteber]

Describe the problem you'd like to have solved

When using for an example Azure connection, one will always be logged back in. Federated logout would fix this.

Describe the ideal solution

Could maybe create a new config, logoutParams, which will accept a federated key with a boolean value. It might even accept postLogoutRedirect, but that would require a major bump (unless you accept both locations, but just deprecate the current one).

Alternatives and current work-arounds

I've made a workaround by creating the URL myself and append &federated. Also disable the logout route by setting routes: { logout: false } in the config.

const logout = async (req: Request, res: Response) => {
  // Logs the user out locally
  req[authConfig.session.name] = undefined;

  const returnTo = authConfig.baseURL;
  const logoutURL = new url.URL(`${authConfig.issuerBaseURL}v2/logout`);

  logoutURL.search = querystring.stringify({
    client_id: authConfig.clientID,
    returnTo,
  }) + '&federated';

  res.redirect(logoutURL.toString());
};

[adamjmcgrath]

Hi @molteber - thanks for raising this

Yes, we should add the option to pass custom parameters, like federated to the end session endpoint.

Don't know when we'll get round to adding this, so please continue to use your workaround for the time being.