kinde-oss / kinde-auth-nextjs

Kinde NextJS SDK - authentication for server rendered apps
https://kinde.com/docs/developer-tools/nextjs-sdk/
MIT License

Bug: post_logout_redirect_url after /api/auth/logout does not redirect to specified url #132

Closed DJKnaeckebrot closed 1 month ago

DJKnaeckebrot commented 7 months ago

Describe the issue

When logging a user out via the /api/auth/logout?post_logout_redirect_url=/login?type=bewerben URL, it redirects me to the POST_LOGOUT_REDIRECT_URL I have set in my .env, in this case /login, without the additional params. I also changed this in the env to be /dashboard and, as expected, I get forwarded to /dashboard instead of /login?type=bewerben.

Library URL

https://github.com/kinde-oss/kinde-auth-nextjs

Library version

2.1.15

Operating system(s)

Windows

Operating system version(s)

11 Version 23H2 (Build 22631.3155)

Further environment details

Node: v18.18.2 NextJS: 13.4.19

Reproducible test case URL

No response

Additional information

No response

DaveOrDead commented 7 months ago

Thanks for raising this @DJKnaeckebrot

To provide some context, there is the .env variable KINDE_POST_LOGOUT_REDIRECT_URL. This is typically the one that you would have mapped in the Kinde admin area in the Allowed logout redirect URLs. If it isn't mapped there, then it will fall back to a default Kinde log out screen.

There is then the argument to <LogoutLink />, which is post_logout_redirect_url. The idea of this one is to be able to provide dynamic logout URLs that differ from the default.

The idea was that this way you could add a single logout url to the allow list (as it could be a headache to add every conceivable url) and then forward the user onwards on return to your application. (This is the same way the post_login_redirect_url argument works for logging in - typically that is used to remember where they were trying to visit).

With the LoginLink argument, the param is stored in the NextJS SessionManager - essentially just a cookie which can be accessed when you are redirected back from Kinde.

One approach you could use (I should add a caveat here that I am not a NextJS expert and @peterphanouvong may well have a better solution) is having a global logout route (could also be middleware I expect) something like:

.env

KINDE_POST_LOGOUT_REDIRECT_URL=http://localhost:3000/api/logout

^ this should also be added in Allowed logout redirect URLs

/api/logout

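import { cookies } from "next/headers";
import { NextResponse } from "next/server";

export async function GET(request) {
  const cookieJar = cookies();

  // The cookie is absent when this route is reached without a logout request
  // that set it; fall back to the site root (an assumed default) instead of
  // throwing on `.value` of undefined.
  const path = cookieJar.get("post_logout_redirect_url")?.value ?? "/";

  // Resolve the stored path against the current request's URL.
  return NextResponse.redirect(new URL(path, request.url));
}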

The /api/logout is then able to handle any values passed to <LogoutLink post_logout_redirect_url="/some-where-else" />
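The value this route reads from the cookie comes from the post_logout_redirect_url argument, so it is worth constraining before redirecting. The helper below is an added example, not part of the original comment or the Kinde SDK: it resolves the value against the app's origin and falls back to a default when the result lands anywhere else. The names resolveLogoutTarget and FALLBACK_PATH, the "/" fallback and the sample inputs are assumptions.

```javascript
// Added example: constrain the logout redirect target to the app's own origin.
// `resolveLogoutTarget` and FALLBACK_PATH are hypothetical names, not SDK API.
const FALLBACK_PATH = "/";

function resolveLogoutTarget(rawTarget, requestUrl, fallback = FALLBACK_PATH) {
  const base = new URL(requestUrl);
  const fallbackUrl = new URL(fallback, base.origin);

  // Missing or empty cookie: nothing to forward to.
  if (typeof rawTarget !== "string" || rawTarget.trim() === "") {
    return fallbackUrl;
  }

  let candidate;
  try {
    // Resolve relative to the app origin. An absolute input overrides the
    // base, which is why the origin is compared afterwards.
    candidate = new URL(rawTarget, base.origin);
  } catch {
    return fallbackUrl;
  }

  // Same-origin check: covers absolute URLs, "//host" and "/\host" forms,
  // and opaque schemes (whose origin serialises as "null").
  if (candidate.origin !== base.origin) {
    return fallbackUrl;
  }

  // Do not bounce back into the logout handler itself.
  if (candidate.pathname === base.pathname) {
    return fallbackUrl;
  }
  return candidate;
}

// Constructed sample inputs; the request URL matches the .env value above.
const REQUEST_URL = "http://localhost:3000/api/logout";
const samples = [
  "/login?type=bewerben",
  "/some-where-else",
  undefined,
  "https://other.example/landing",
  "//other.example/landing",
  "/\\other.example/landing",
  "/api/logout",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", resolveLogoutTarget(s, REQUEST_URL).href);
}
```

In the /api/logout route, pass the cookie's value and request.url to the helper and hand the returned URL to NextResponse.redirect.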

DaveOrDead commented 1 month ago

Closing this one as no response suggests resolved