RP-Initiated Logout doesn't work

[leorb]

Describe the bug

When the browser is directed to the logout endpoint, Hydra responds with "invalid_request" error.

Reproducing the bug

Steps to reproduce the behavior:

1. Set OAUTH2_ISSUER_URL issuer parameter value for Hydra to a URL that does not contain a trailing slash ie. http://localhost:4444
2. Start Hydra
3. Mint an ID token
4. Go to the logout endpoint, specifying the ID token in the id_token_hint parameter as recommended by the spec
5. See the error.

Server logs

Stack trace: 
github.com/ory/hydra/consent.(*DefaultStrategy).issueLogoutVerifier
    /go/src/github.com/ory/hydra/consent/strategy_default.go:776
github.com/ory/hydra/consent.(*DefaultStrategy).HandleOpenIDConnectLogout
    /go/src/github.com/ory/hydra/consent/strategy_default.go:941
github.com/ory/hydra/oauth2.(*Handler).LogoutHandler
    /go/src/github.com/ory/hydra/oauth2/handler.go:121
github.com/julienschmidt/httprouter.(*Router).ServeHTTP
    /go/pkg/mod/github.com/julienschmidt/httprouter@v1.2.0/router.go:334

Expected behavior Hydra should log out the End-User and redirect the browser to the post_logout_redirect_uri.

Environment

• Version: v1.0.0

Additional context It seems that the problem is something along these lines:

1. Hydra appends a slash to the ISSUER_URL (discussed in #1041 and #1482)
2. The issuer + slash are subsequently reflected in the iss field of the token
3. logout verification fails because the issuer in the id_token_hint is not the same as the issuer specified in the config.

A possible workaround might be to specify the trailing slash in the config file.

[aeneasr]

Nice find! I think this can easily be fixed by TrimRight(..., "/") + "/" here

[aeneasr]

Are you up for a PR? :)

[leorb]

Thank you!