keycloak / keycloak-nodejs-connect

Apache License 2.0

Add client_id to logout url #425

Open claudiunicolaa opened 2 years ago

claudiunicolaa commented 2 years ago

Description

Support for client_id, as described in the OIDC RP-Initiated specification, was added in Keycloak 19. More details can be found here: https://github.com/keycloak/keycloak/issues/12002#issuecomment-1128896662

At this moment the library does not offer support for setting the client_id in the logout URL and the post_logout_redirect_uri query param is set only if idTokenHint function param is set.

Discussion

No response

Motivation

The library should match the Keycloak Server capabilities.

Details

The logout function should look like this:

Keycloak.prototype.logoutUrl = function (redirectUrl, idTokenHint) {
  const url = new URL(this.config.realmUrl + '/protocol/openid-connect/logout')

  // Always identify the client, so the redirect no longer depends on an ID token hint.
  url.searchParams.set('client_id', this.config.clientId)

  // Where to send the user agent after logout.
  if (redirectUrl) {
    url.searchParams.set('post_logout_redirect_uri', redirectUrl)
  }

  // Previously issued ID token, when the caller has one.
  if (idTokenHint) {
    url.searchParams.set('id_token_hint', idTokenHint)
  }

  return url.toString()
}

Part of the above implementation is already done: https://github.com/keycloak/keycloak-nodejs-connect/issues/420.
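An added example, not part of the original issue or of the library: a check an application's test suite could run over the logout URLs it generates, flagging a post_logout_redirect_uri sent without client_id or id_token_hint, a redirect outside the registered list, and a client_id that does not match the hinted token. The function names, hosts, client id and unsigned token are constructed for illustration.

```javascript
// Added example; auditLogoutUrl, makeToken, sampleUrl and all sample values are constructed.
// Decode a JWT payload WITHOUT verifying its signature (sanity check only).
function jwtPayload (token) {
  const parts = token.split('.')
  if (parts.length !== 3) return null
  try {
    return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'))
  } catch (e) {
    return null
  }
}

// Return a list of findings for an RP-initiated logout URL built by the client.
function auditLogoutUrl (logoutUrl, clientId, registeredRedirects) {
  const params = new URL(logoutUrl).searchParams
  const redirect = params.get('post_logout_redirect_uri')
  const hint = params.get('id_token_hint')
  const sentClientId = params.get('client_id')
  const findings = []

  // A redirect with neither parameter cannot be tied to a client by the server.
  if (redirect && !hint && !sentClientId) findings.push('redirect-without-client-context')
  // Exact-match allow-list; no prefix or wildcard matching.
  if (redirect && !registeredRedirects.includes(redirect)) findings.push('redirect-not-registered')
  if (sentClientId && sentClientId !== clientId) findings.push('unexpected-client_id')
  // When both are sent, the token must have been issued to that client.
  if (hint && sentClientId) {
    const claims = jwtPayload(hint)
    const issuedTo = claims ? [].concat(claims.aud || [], claims.azp || []) : []
    if (!issuedTo.includes(sentClientId)) findings.push('client_id-not-in-id_token_hint')
  }
  return findings
}

// Constructed sample data (placeholder hosts, unsigned token).
const LOGOUT = 'https://sso.example.test/realms/demo/protocol/openid-connect/logout'
const REGISTERED = ['https://app.example.test/bye']
function makeToken (claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url')
  return `${enc({ alg: 'none' })}.${enc(claims)}.sig`
}

function sampleUrl (query) {
  const url = new URL(LOGOUT)
  for (const [k, v] of Object.entries(query)) url.searchParams.set(k, v)
  return url.toString()
}

console.log(auditLogoutUrl(sampleUrl({ post_logout_redirect_uri: REGISTERED[0] }), 'my-app', REGISTERED))
```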

claudiunicolaa commented 2 years ago

I'm happy to create a PR for it, but first I'm waiting for a maintainer to take a look and validate that my idea looks good.