omniauth / omniauth_openid_connect

OneLogin OIDC post_logout_redirect_uri issue #140

Open kitebuggy opened 1 year ago

kitebuggy commented 1 year ago

OneLogin requires the encoded id_token for the post_logout_redirect to work. I cannot see any way of obtaining that value from either Devise or Omniauth to easily monkey-patch the logout URI to include this to make this feature work.

Any suggestions? Thanks in advance!

CSDUMMI commented 1 year ago

When using Keycloak, the id_token_hint must be provided to directly redirect to the post_logout_uri without a confirmation dialog. I implemented a patch to this gem that successfully skipped this confirmation dialog.

I am hesitant to create a PR for this though, as I don't know whether other IdPs use the id_token_hint.

If this works for you, I'll consider making a PR to enable sending the access token as id_token_hint through an option.

kitebuggy commented 1 year ago

Thanks, this is the info I needed. I'll comment directly on the patch for another matter, but this is a great insight, thank you!

kitebuggy commented 1 year ago

This is perfect, thanks for submitting the PR!
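
Added example (not part of the thread, and not code from the gem or the patch discussed above): a sketch of building an RP-initiated logout URL that carries `id_token_hint`, `post_logout_redirect_uri` and `state`. It assumes the application kept the encoded ID token from login (for example in the session); the endpoint, the allow-list and the function name are hypothetical.

```ruby
require "uri"
require "securerandom"

# Hypothetical allow-list: the post-logout landing pages registered with the IdP.
ALLOWED_POST_LOGOUT_URIS = ["https://app.example.test/signed_out"].freeze

# Builds the end-session URL. `id_token` is the raw encoded ID token saved at
# login (an assumption of this sketch). Returns [url, state]; the caller stores
# `state` in the session and compares it when the IdP redirects back.
def build_end_session_url(end_session_endpoint:, id_token:, post_logout_redirect_uri:, client_id: nil)
  endpoint = URI.parse(end_session_endpoint)
  raise ArgumentError, "end_session_endpoint must be https" unless endpoint.is_a?(URI::HTTPS)

  # Only send the user to a landing page we registered, never to a value
  # taken from request parameters.
  unless ALLOWED_POST_LOGOUT_URIS.include?(post_logout_redirect_uri)
    raise ArgumentError, "post_logout_redirect_uri is not registered"
  end

  # Shape check only (three base64url segments); this does not verify the
  # signature, it just catches an empty or obviously wrong value.
  unless id_token.to_s.match?(/\A[\w-]+\.[\w-]+\.[\w-]+\z/)
    raise ArgumentError, "id_token_hint must be an encoded ID token"
  end

  state = SecureRandom.urlsafe_base64(24)
  params = {
    "id_token_hint" => id_token,
    "post_logout_redirect_uri" => post_logout_redirect_uri,
    "state" => state
  }
  params["client_id"] = client_id if client_id

  # Preserve any query string already present on the endpoint.
  existing = URI.decode_www_form(endpoint.query.to_s)
  endpoint.query = URI.encode_www_form(existing + params.to_a)
  [endpoint.to_s, state]
end
```

The ID token identifies the user, so the resulting URL is worth keeping out of application logs.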