no redirect after logout.

nokia / kong-oidc

OIDC plugin for Kong

Apache License 2.0

454 stars 321 forks source link

no redirect after logout. #36

Closed anselmevignon closed 6 years ago

anselmevignon commented 6 years ago

After a sucessful logout, the client is not redirected to the login page. That is because:

When calling logout, the plugin redirects to discovery.end_session_endpoint with no redirect_uri parameter.
No redirect_after_logout_uri parameter is passed to lua-resty-openidc.

One possible fix would be to copy the redirect_uri to the redirect_after_logout_uri parameter. Alternatively, one could add a "redirect_after_logout_uri" parameter to the plugin.

What do you think ?

Trojan295 commented 6 years ago

Fallback to redirect_uri_path could be a solution, although it's designed to be used after a successful redirect. I think it's better to add an additional parameters, which will be passed to lua-resty-openidc.

anselmevignon commented 6 years ago

That makes sense, so adding a redirect_after_logout_uri parameter, with a "null" default would be the prefered solution ?

Trojan295 commented 6 years ago

I think leaving it as optional and passing only in case is set is fine. You're welcome to contribute! If you have any questions catch me on gitter on in the room for this project: https://gitter.im/nokia/kong-oidc :)

Trojan295 commented 6 years ago

Config for redirect_after_logout_uri was merged. Closing this.