OAuth provider AWS Cognito requires a number of query parameters (at least two: a client id and a redirect URI, but possibly more) when hitting the /logout endpoint.
It seems that Vouch only allows the first query parameter to pass through; I get a 400 Bad Request with a log output to the effect of:
/logout The requested url is not present in `vouch.post_logout_redirect_uris`: https://my-domain.amazoncognito.com/logout?redirect_uri=https://vouch.mysite.co.za/auth
When the URL specified in vouch.post_logout_redirect_uris is
The effect of which is that I cannot use the Vouch /logout endpoint to sign out in this way.
Caveat
There is a different approach for anyone using AWS Cognito, which is to log out of the IdP first and then redirect back to the Vouch logout endpoint, so essentially reversing the flow.
As a result, I don't need this issue to be resolved, but it may be worth changing Vouch's behaviour if this behaviour was not intended. Otherwise this issue can hopefully still be helpful to anyone else trying to use Vouch with AWS Cognito.
Expected behavior
I expect that the requested URL, i.e. the NEXT_URL in /logout?url=NEXT_URL, will be passed through with all the query parameters listed in vouch.post_logout_redirect_uris.
Desktop (please complete the following information):
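An added example (not part of the original report and not Vouch's own code) showing how a standard query-string parser produces the truncated URL seen in the log line above when the nested logout URL is placed in `url=` without percent-encoding, and how an exact-match allowlist check then fails. It assumes the request was sent unencoded, since the report does not show the full request; the function names and the `CLIENT_ID` value are hypothetical placeholders.

```go
package main

import (
	"fmt"
	"net/url"
)

// Constructed allowlist entry standing in for a vouch.post_logout_redirect_uris
// value. CLIENT_ID is a placeholder, not a real identifier.
const allowed = "https://my-domain.amazoncognito.com/logout?redirect_uri=https://vouch.mysite.co.za/auth&client_id=CLIENT_ID"

// nextURL returns the "url" query parameter exactly as Go's net/url parser
// extracts it from the incoming request URI.
func nextURL(requestURI string) (string, error) {
	u, err := url.Parse(requestURI)
	if err != nil {
		return "", err
	}
	return u.Query().Get("url"), nil
}

// isAllowed performs an exact string comparison against the allowlist,
// which is the safe way to validate a post-logout redirect target.
func isAllowed(next string, allowlist []string) bool {
	for _, a := range allowlist {
		if next == a {
			return true
		}
	}
	return false
}

// logoutRequest builds the /logout request with the target percent-encoded,
// so its own "&" and "?" cannot be read as part of the outer query string.
func logoutRequest(target string) string {
	return "/logout?url=" + url.QueryEscape(target)
}

func main() {
	unencoded := "/logout?url=" + allowed // "&client_id=..." becomes an outer parameter
	for _, req := range []string{unencoded, logoutRequest(allowed)} {
		next, _ := nextURL(req)
		fmt.Printf("url=%q allowed=%v\n", next, isAllowed(next, []string{allowed}))
	}
}
```

Percent-encoding the `url` value on the caller's side keeps the allowlist comparison strict, which is preferable to loosening the check to prefix matching.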