Don't require `post_logout_redirect_uri`
meesvandongen opened this issue
meesvandongen commented
Summary
The `post_logout_redirect_uri` is not required in the OpenID specification (https://openid.net/specs/openid-connect-rpinitiated-1_0.html#RPLogout). However, the oauth2-mock-server checks for this anyway.
Desired solution
The post logout redirect uri is not checked.
Alternative solutions
Make it configurable somehow.
meesvandongen commented
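I was able to work around this by creating a custom endpoint:

```js
const { OAuth2Server } = require("oauth2-mock-server");

const server = new OAuth2Server();
// Custom end-session route that never inspects post_logout_redirect_uri.
server.service.requestHandler.get(`/connect/endSession`, (req, res) => {
  server.service.emit("customBeforePostLogoutRedirect", req, res);
  res.status(204).end();
});
// `key` and `port` come from the surrounding test setup; the awaits below
// need an async context.
await server.issuer.keys.add(key);
await server.start(port, "0.0.0.0");
```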
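As an added illustration (not code from this thread or from oauth2-mock-server), the sketch below shows how an end-session handler can treat `post_logout_redirect_uri` as optional while still refusing to redirect to unregistered values when it is supplied, as the linked RP-Initiated Logout specification requires. The function name, the return shape and the registered URIs are hypothetical.

```javascript
// Added example; every name below is hypothetical, not a library API.

// Constructed sample: values a relying party registered as
// post_logout_redirect_uris with the provider.
const REGISTERED = new Set([
  'https://app.example.test/signed-out',
  'https://app.example.test/goodbye?src=op',
]);

/**
 * Decide the outcome of a logout request from its parsed query parameters.
 * Returns {action: 'confirm'} (log out, no redirect) or
 * {action: 'redirect', location} (log out, then send the user agent back).
 */
function resolveLogout(query, registered = REGISTERED) {
  const target = query.post_logout_redirect_uri;

  // Parameter omitted: a valid request. Finish the logout without redirecting.
  if (target === undefined || target === '') {
    return { action: 'confirm' };
  }

  // Parameter supplied: follow it only on an exact match with a registered
  // value. Repeated parameters (arrays) and near-matches are never followed,
  // which keeps the endpoint from acting as an open redirector.
  if (typeof target !== 'string' || !registered.has(target)) {
    return { action: 'confirm' };
  }

  const location = new URL(target);
  // state is optional too and is only echoed back on an accepted redirect.
  if (typeof query.state === 'string' && query.state !== '') {
    location.searchParams.set('state', query.state);
  }
  return { action: 'redirect', location: location.toString() };
}
```

In an Express-style handler, `confirm` would map to a 2xx logout confirmation and `redirect` to a 302 with the returned `location`.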
Mark Brockhoff commented
Hi, I just ran into the exact same issue.
@meesvandongen could you reopen the issue? Even though you found a workaround, I still believe this should be fixed within the library.
Mark Brockhoff commented
Thanks @meesvandongen