Open jvinolas opened 3 years ago
As a workaround now I just replaced the logout redirect in auth.go to return c.Redirect(http.StatusMovedPermanently, "https://myapp.server") and it works as the app brings back to mokey login with the login_challenge.
I've found that my workaround is not working as now when coming from hydra there is no mokey cookie (no sid or user found in session) and then the hydra revoke fails.
Is the logout flow missing in mokey? Or am I misunderstanding the OpenID logout flow?
Yes, this logout flow is not implemented in mokey. Currently, the logout just revokes the hydra session using the admin api.
Any plans to implement it to accomplish OpenID standard with hydra? Thanks
When doing logout from a client app this is the flow happening:
As stated on hydra documentation, there is a flow and there is a post_logout_redirect_uri where the user should be redirected after logout (and also an optional logout consent page). As I understand mokey should get that post redirect parameter from the logout flow from hydra and in the end redirect there (to the app), so when the user wants to log in again, the app will redirect with the login_challenge parameter from hydra (login flow).
Is the logout flow missing in mokey? Or am I misunderstanding the OpenID logout flow?