feathersjs / feathers

The API and real-time application framework
https://feathersjs.com
MIT License

Feathers OAuth should support logout #1640

Open burn2delete opened 4 years ago

burn2delete commented 4 years ago

When using private directory services such as Azure AD B2C, logging out of the current app session is not enough to log the user out of the session. By attempting to authenticate again, the user is logged in without requesting a password.

Feathers should accept a logout_url and redirect the user to the URL when logging out. Additionally, this would require the JWT to store which strategy was used to authenticate and use the appropriate logout_url.

As private directory services do not have additional means to log out a user, we are required to implement this solution locally. Currently we redirect the user on the logout event; however, this only works when you are using a single OAuth provider.
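A sketch of the behaviour requested above, as an added example that is not part of the original post and not Feathers code: the strategy is recorded in the JWT payload at login, and at logout the matching `logout_url` is resolved from it. The helper names, the `strategy` claim name, the provider keys and all URLs are assumptions or constructed placeholders; `post_logout_redirect_uri` is the OpenID Connect RP-initiated logout parameter and is assumed to be accepted by the provider.

```javascript
// Added example: helper names are hypothetical, not a Feathers API.
// Per-strategy settings; `logout_url` is the option proposed in the issue.
// Provider keys and URLs are constructed placeholders.
const providers = {
  azureb2c: { logout_url: 'https://idp-a.example/oauth2/v2.0/logout' },
  corpsso: { logout_url: 'https://idp-b.example/connect/endsession' }
};

// Pages the provider may send the browser back to after ending its session.
const allowedReturnUrls = ['https://app.example/signed-out'];

// At login: record which strategy authenticated the user
// (`strategy` is an assumed claim name) before the JWT is signed.
function withStrategyClaim(payload, strategy) {
  return { ...payload, strategy };
}

// At logout: choose the provider logout URL from an already verified JWT
// payload. Returns null when only the local session has to be ended
// (local strategy, missing claim, or a strategy with no configured URL).
function resolveLogoutRedirect(payload, config, returnUrl, allowList) {
  const strategy = payload && payload.strategy;
  // Own-property check so a claim such as "constructor" cannot
  // resolve to something inherited from Object.prototype.
  if (typeof strategy !== 'string' ||
      !Object.prototype.hasOwnProperty.call(config, strategy)) {
    return null;
  }
  const target = new URL(config[strategy].logout_url);
  if (target.protocol !== 'https:') {
    throw new Error(`logout_url for ${strategy} must use https`);
  }
  if (returnUrl !== undefined) {
    // Exact-match allow-list keeps the logout flow from becoming an open redirect.
    if (!allowList.includes(returnUrl)) {
      throw new Error('return URL is not allow-listed');
    }
    target.searchParams.set('post_logout_redirect_uri', returnUrl);
  }
  return target.toString();
}
```

Because the lookup is keyed on the claim inside the token, two sessions created through different OAuth providers each get redirected to their own provider's logout endpoint.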

JerryLeeCS commented 4 years ago

Is there an update on this?