Open CSDUMMI opened 1 year ago
Great work, thank you.
The tests fail because `access_token` is now called by `encoded_post_logout_redirect_uri` and this function calls `client.access_token!` if no access token has previously been fetched.
The tests do not mock this function and thus a request to example.com is made - expecting an access token but receiving HTML.
I don't know enough about stubbing in Ruby to stub this particular behavior.
@stanhu can you review this PR or is there somebody else I can talk to?
Hello everyone! Will this PR be merged at some point? Thanks for your work.
The OneLogin IdP requires the `id_token_hint` field to be set to the previously issued access token in the end session uri to perform a logout and redirect the user to the post logout uri.[^1]

The Keycloak IdP requires the `id_token_hint` field to be set to avoid a confirmation dialog before redirecting them to the post logout uri.[^2]

This PR adds the `id_token_hint` to support this behavior by the IdPs. I'm open to only enabling this through an option that is disabled by default.

[^1]: See #140 and https://developers.onelogin.com/openid-connect/api/logout
[^2]: See keycloak documentation: https://www.keycloak.org/docs/latest/securing_apps/#logout
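
A sketch of the opt-in behaviour discussed in this thread, added here as an example and not taken from the PR or the gem: the end session URL carries `id_token_hint` only when the option is enabled and a token is already held, so building the URL never triggers a token request. The helper name `build_end_session_uri`, its keyword arguments, the HTTPS check and the sample URLs are assumptions made for illustration.

```ruby
require "uri"

# Hypothetical helper (not the gem's API). The caller passes in whatever
# previously issued token it already holds; this method never fetches one.
# Note: the OpenID Connect RP-Initiated Logout specification defines
# id_token_hint as a previously issued ID Token.
def build_end_session_uri(end_session_endpoint,
                          post_logout_redirect_uri: nil,
                          cached_token: nil,
                          send_id_token_hint: false) # disabled by default
  uri = URI.parse(end_session_endpoint)
  # Assumption: a token placed in a query string should only travel over TLS.
  raise ArgumentError, "end session endpoint must use https" unless uri.is_a?(URI::HTTPS)

  # Keep any query parameters the IdP already put on its endpoint.
  params = URI.decode_www_form(uri.query.to_s)
  params << ["post_logout_redirect_uri", post_logout_redirect_uri] if post_logout_redirect_uri

  # Add the hint only when opted in AND a token is already available.
  if send_id_token_hint && cached_token && !cached_token.empty?
    params << ["id_token_hint", cached_token]
  end

  uri.query = params.empty? ? nil : URI.encode_www_form(params)
  uri.to_s
end

# Constructed sample values, not real endpoints or tokens.
SAMPLE_ENDPOINT = "https://idp.example/logout"
SAMPLE_REDIRECT = "https://app.example/bye?x=1"
SAMPLE_TOKEN    = "constructed.token.value"

if __FILE__ == $PROGRAM_NAME
  puts build_end_session_uri(SAMPLE_ENDPOINT,
                             post_logout_redirect_uri: SAMPLE_REDIRECT,
                             cached_token: SAMPLE_TOKEN,
                             send_id_token_hint: true)
end
```

Because the token is an argument, a test can call the helper with or without one and no HTTP stubbing is required.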