The playground app was not able to log out of federated IdPs previously. This PR fixes the issue and allows federated IdP logout. This is done by passing the id token hint as a logout parameter if it is not null or empty. However, if it is null or empty, the client id will be passed instead.
In the authorization code grant type flow, after logging in and prior to getting the access token, the id token hint will not be available, as is the expected behaviour. Therefore, the client id will be used in logout, which is only supported in IS version 6.0 onwards as of now. To enable client id logout in versions 6.0 and 6.1, add the following configurations to the deployment.toml file.
[oauth.oidc.logout_params]
use_client_id=true
Goals
Fix federated IdP logout in the playground app.
Approach
Updates the logout request to include the id token hint or client id as a parameter.
Related Issues
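
The parameter selection described under Approach, as an added Java sketch that is not code from this PR or from the playground app. The class and method names, the `https://localhost:9443/oidc/logout` endpoint, the callback URL and the sample values are assumptions; `id_token_hint`, `client_id`, `post_logout_redirect_uri` and `state` are the OpenID Connect RP-initiated logout parameter names.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

public class LogoutUrlExample {

    // Prefer id_token_hint; fall back to client_id when no ID token has been
    // issued yet (for example before the authorization code is exchanged).
    static String buildLogoutUrl(String logoutEndpoint, String idTokenHint, String clientId,
                                 String postLogoutRedirectUri, String state) {
        StringBuilder url = new StringBuilder(logoutEndpoint).append('?');
        if (idTokenHint != null && !idTokenHint.trim().isEmpty()) {
            url.append("id_token_hint=").append(enc(idTokenHint));
        } else if (clientId != null && !clientId.trim().isEmpty()) {
            url.append("client_id=").append(enc(clientId));
        } else {
            // Without either value the server cannot tell which client is logging out.
            throw new IllegalArgumentException("Neither id_token_hint nor client_id is available");
        }
        if (postLogoutRedirectUri != null && !postLogoutRedirectUri.isEmpty()) {
            url.append("&post_logout_redirect_uri=").append(enc(postLogoutRedirectUri));
        }
        if (state != null && !state.isEmpty()) {
            url.append("&state=").append(enc(state));
        }
        return url.toString();
    }

    // Percent-encode every value so tokens and URLs cannot alter the query string.
    private static String enc(String value) {
        return URLEncoder.encode(value, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        String endpoint = "https://localhost:9443/oidc/logout";       // assumed endpoint
        String callback = "http://localhost:8080/playground2/oauth2client"; // assumed callback
        // Constructed sample values, not real tokens or client ids.
        System.out.println(buildLogoutUrl(endpoint, "header.payload.signature", "sampleClientId", callback, "xyz"));
        System.out.println(buildLogoutUrl(endpoint, null, "sampleClientId", callback, "xyz"));
    }
}
```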