Trailing `/` on `signOutRedirectURL` breaks the application
SkNuwanTissera opened this issue · comments
Describe the issue:
I configured Asgardeo IDP to a react application. I wanted to redirect back to http://localhost:3000 after the user logs out. I mistakenly put http://localhost:3000/
as the signOutRedirectURL
and it results in a page like below when the user logs out.
When I remove the /
, it worked fine. But ideally (IMO) this shouldn't be validated.
How to reproduce:
Expected behavior:
Environment information (Please complete the following information; remove any unnecessary fields) :
- Product Version: [e.g., IS 5.10.0, IS 5.9.0]
- OS: [e.g., Windows, Linux, Mac]
- Database: [e.g., MySQL, H2]
- Userstore: [e.g., LDAP, JDBC]
Optional Fields
Related issues:
Suggested labels:
Hi Nuwan,
The redirect URI specified in the authentication flow should be exactly similar to the redirect URI/s registered in the Asgardeo application, for security reasons. Hence this behaviour is expected.