Open ToniIltanen opened 7 years ago
I suggest a change where the id_token is passed to the callback (currently it is not passed at all). To properly log out from an OpenID Connect provider, you must provide the id_token_hint to the end session.
This token is being passed to the callback as accessToken; you can use the callback with 7 parameters to get it.
```js
passport.use('openidconnect', new OidcStrategy(openidClientInfo,
  function(req, iss, sub, profile, accessToken, refreshToken, verified) {
    // Code to handle the data you need
    verified(null, data, profile);
  }));
```
As I understand from the documentation, I need to send a POST request with the token to the Revocation endpoint of my openid-connect provider. I'm still working on it.
Hope this works for you and it is not too late. Please let me know if you succeeded in making this work.
How does one retrieve the id_token for logging out from the provider? It should be set as the id_token_hint query parameter in the end session endpoint.
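The logout redirect discussed in this thread, as an added example that is not code from the thread or from the library it concerns: it builds the end session URL with `id_token_hint`, `post_logout_redirect_uri` and `state` as defined in OpenID Connect RP-Initiated Logout 1.0. The function names, endpoint, issuer, client id and token are constructed for illustration, and the id_token is assumed to have been signature-verified and stored in the session at login.

```javascript
const crypto = require('node:crypto');

// Decode (not verify) the JWT payload; the signature was checked at login.
function decodeJwtPayload(jwt) {
  const parts = String(jwt).split('.');
  // An opaque access token fails here, which catches passing the wrong token.
  if (parts.length !== 3) throw new Error('not a compact JWT; is this the id_token?');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Build the redirect to the provider's end_session_endpoint (hypothetical helper).
function buildLogoutUrl({ endSessionEndpoint, issuer, clientId, idToken, postLogoutRedirectUri }) {
  const claims = decodeJwtPayload(idToken);
  if (claims.iss !== issuer) throw new Error('id_token was issued by a different provider');
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(clientId)) throw new Error('id_token audience is not this client');
  // exp is deliberately not checked: the spec lets providers accept an
  // expired id_token as a hint.

  const url = new URL(endSessionEndpoint);
  if (url.protocol !== 'https:') throw new Error('end_session_endpoint must be https');
  // Store `state` in the session and compare it when the provider redirects back.
  const state = crypto.randomBytes(16).toString('base64url');
  url.searchParams.set('id_token_hint', idToken);
  url.searchParams.set('post_logout_redirect_uri', postLogoutRedirectUri);
  url.searchParams.set('state', state);
  return { url: url.toString(), state };
}

// Constructed sample token: unsigned placeholder signature, for the demo only.
function sampleIdToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.c2lnbmF0dXJl`;
}

const demo = buildLogoutUrl({
  endSessionEndpoint: 'https://op.example/connect/endsession', // constructed
  issuer: 'https://op.example',
  clientId: 'rp-client',
  idToken: sampleIdToken({ iss: 'https://op.example', aud: 'rp-client', sub: 'user-1' }),
  postLogoutRedirectUri: 'https://rp.example/logged-out',
});
console.log(demo.url);
```

The id_token ends up in the URL and therefore in browser history and proxy logs, so destroy the local session before issuing the redirect.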