search

jaredhanson / passport-openidconnect

OpenID Connect authentication strategy for Passport and Node.js.
https://www.passportjs.org/packages/passport-openidconnect/?utm_source=github&utm_medium=referral&utm_campaign=passport-openidconnect&utm_content=about
MIT License
191 stars 177 forks source link

Logout #45

Open ToniIltanen opened 7 years ago

ToniIltanen commented 7 years ago

How does one retrieve id_token for logging out from the provider? It should be setted to id_token_hint query parameter in the end session -endpoint.

ToniIltanen commented 7 years ago

I suggest a change, where the id_token is passed to the callback (Currently it is not passed at all). To properly log out from an Open Id Connect provider, you must provide the id_token_hint to the end session.

danpe91 commented 7 years ago

This token is being passed to the callback as accessToken, you can use the callback with 7 parameters to get it.

passport.use('openidconnect', new OidcStrategy(openidClientInfo,
        function(req, iss, sub, profile, accessToken, refreshToken, verified) {

            // Code to handle the data you need
            verified(null, data, profile);
        }));

As I understand from the documentation I need to send a POST request with the token to the Revocation endpoint of my openid-connect provider, I'm still working on it.

Hope this works for you and it is not too late, please let me know if you succeeded on making this work.