Evolve oidc logout

[llomgui]

Proposed changes

Make sure the IDP is triggered during a logout.

Checklist

Before creating a PR, run through this checklist and mark each as complete.

• I have read the CONTRIBUTING doc
• I have added tests that prove my fix is effective or that my feature works
• I have checked that all unit tests pass after adding my changes
• I have updated necessary documentation
• I have rebased my branch onto main
• I will ensure my PR is targeting the main branch and pulling from my branch from my own fork

[netlify]

👷 Deploy request for nginx-kubernetes-ingress pending review.

Visit the deploys page to approve it

Name	Link
🔨 Latest commit	91a9c12

[brianehlert]

Thank you @llomgui
We will take a look and get back to you.
We need to make sure your changes won't break anyone and are relatively generic to the core OIDC flow.

[pdabelf5]

Thank you @llomgui for submitting. Would it be possible for you to submit a GitHub issue to describe the situation you are trying to address. See CONTRIBUTING.md for a description of the issue submission process. There is also the scheduled community call where issues can be discussed.

[llomgui]

Hello @pdabelf5,
I created this issue to describe the current situation.

[ADubhlaoich]

LGTM on the docs side. Withholding from an approval since much of the PR is code-based.

[danielnginx]

Hi @llomgui,

We reviewed your issue and the team recommendation is to get the contents of your PR and port it into the Open ID connect reference implementation

[llomgui]

@danielnginx I will create a PR on this repository.

Do I have to close this one? I don't see any link with Kubernetes-ingress.

[llomgui]

@danielnginx Done nginxinc/nginx-openid-connect#87

[danielnginx]

@llomgui thank you. Once that PR is merged in the nginx-openid-connect, files should get copied over to https://github.com/nginxinc/kubernetes-ingress/tree/main/internal/configs/oidc via a PR. You can close this PR for now.

[llomgui]

@danielnginx The PR created on OIDC repository does not include operators changes.
This PR needs to be merged.

[danielnginx]

@llomgui you are right, we can leave this PR open. Once we get the nginx-openid-connect PR in we can update here.

[llomgui]

@danielnginx Do you have any news on this PR?

[shaun-nx]

@llomgui

As @danielnginx said, we can merge this PR as soon as your PR in the nginx-openid-connect repo is approved and merged.

If you need more visibility on PR, you can post about it in the public #nginx-users slack channel. The maintainers of the nginx-openid-connect repo frequently monitor that channel.

[haywoodsh]

Hello @llomgui, the nginx-openid-connect now includes support for OIDC logout, and our repository has been updated accordingly. We are keen to work with you to get this pull request merged. Could you align the OIDC files in your pull request with those in our kubernetes-ingress repository?
Additionally, as we do not have integration tests for OIDC, I was wondering if you have attempted to deploy our OIDC example with logout, and if so, could you please outline the steps you followed so that I can do some testing on my side as well?

[haywoodsh]

I am not sure if logoutEndpoint and redirectPostLogout should be required fields. This will lead to a breaking change for current users looking to upgrade to the new release, as they will need to modify their OIDC configurations.

[danielnginx]

Hi @llomgui, we are closing this PR and our team is taking over the #4989 implementation. You can follow the progress in the issue, we are working on it in our current sprint https://github.com/orgs/nginxinc/projects/2