keycloak / keycloak-nodejs-connect

Apache License 2.0

post_logout_redirect_uri not set by logoutUrl if id hint is missing #420

Open kbrabrand opened 2 years ago

kbrabrand commented 2 years ago

Describe the bug

The logoutUrl function on the Keycloak prototype takes two parameters. The first one, redirectUrl, is required, whilst the idTokenHint is an optional parameter (per the TS types).

However – if the idTokenHint is not provided, the redirectUrl is not included, because of this check 👇

if (redirectUrl && idTokenHint) {
  url.searchParams.set('id_token_hint', idTokenHint)
  url.searchParams.set('post_logout_redirect_uri', redirectUrl)
}

Version

15.1.1 (server) - 19.0.1 (keycloak-connect)

Expected behavior

When calling the logoutUrl method from the Keycloak prototype, passing a redirectUrl, I expect the redirectUrl to be included in the logoutUrl returned, regardless of whether or not the idTokenHint is provided.

Actual behavior

If no idTokenHint is passed to the Keycloak.prototype.logoutUrl method the redirectUrl is not appended either. It's either idTokenHint+redirectUrl or nothing at all.

How to Reproduce?

const kc = new Keycloak(...)

// this one will include the redirectUrl
kc.logoutUrl('https://where.to.go', 'id123')

// this one won't include the redirectUrl, because of the missing id token hint
kc.logoutUrl('https://where.to.go')

Anything else?

No response

claudiunicolaa commented 2 years ago

This sounds legit, taking into consideration that the client_id query param was added to logout: https://github.com/keycloak/keycloak/issues/12002#issuecomment-1128896662

When client_id parameter is used and id_token_hint is NOT used and post_logout_redirect_uri is used ...
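
The behaviour discussed in this thread, as an added example that is not part of the issue or of keycloak-connect's source: the first function models the check quoted in the report, the second is a hypothetical alternative that forwards the redirect with `client_id` when no ID token hint is available. The endpoint URL, realm, client id and both function names are constructed placeholders, and the assumption that the server needs `id_token_hint` or `client_id` to check the redirect against a client is this example's, not the thread's.

```javascript
// Added example; not keycloak-connect code. Endpoint and realm are constructed.
const LOGOUT_ENDPOINT =
  'https://sso.example.test/realms/demo/protocol/openid-connect/logout';

// Behaviour as reported in the issue: both parameters are set together
// or not at all, so a missing hint silently drops the redirect.
function logoutUrlAsReported(redirectUrl, idTokenHint) {
  const url = new URL(LOGOUT_ENDPOINT);
  if (redirectUrl && idTokenHint) {
    url.searchParams.set('id_token_hint', idTokenHint);
    url.searchParams.set('post_logout_redirect_uri', redirectUrl);
  }
  return url.toString();
}

// Hypothetical alternative: identify the client with id_token_hint when
// present, otherwise with client_id, and always forward the redirect.
// Assumption: the server needs one of the two to match the redirect
// against a registered client, so the function fails loudly instead of
// silently emitting a URL without the redirect.
function logoutUrlWithClientId(redirectUrl, idTokenHint, clientId) {
  const url = new URL(LOGOUT_ENDPOINT);
  if (idTokenHint) {
    url.searchParams.set('id_token_hint', idTokenHint);
  } else if (clientId) {
    url.searchParams.set('client_id', clientId);
  }
  if (redirectUrl) {
    if (!idTokenHint && !clientId) {
      throw new Error('post_logout_redirect_uri needs id_token_hint or client_id');
    }
    url.searchParams.set('post_logout_redirect_uri', redirectUrl);
  }
  return url.toString();
}

// Helper for inspecting the generated query string.
function logoutParams(logoutUrl) {
  return Object.fromEntries(new URL(logoutUrl).searchParams);
}

console.log(logoutParams(logoutUrlAsReported('https://where.to.go')));
console.log(logoutParams(logoutUrlWithClientId('https://where.to.go', undefined, 'demo-client')));
```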