-
Notifications
You must be signed in to change notification settings - Fork 53
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Don't require post_logout_redirect_uri
#233
Comments
I was able to work around this by creating a custom endpoint: const server = new OAuth2Server();
server.service.requestHandler.get(`/connect/endSession`, (req, res) => {
server.service.emit("customBeforePostLogoutRedirect", req, res);
res.status(204).end();
});
await server.issuer.keys.add(key);
await server.start(port, "0.0.0.0"); |
Hi, I just ran into the exact same issue. @meesvandongen could you reopen the issue? Even though you found a workaround I still belive this should be fixed within the library. |
Thanks @meesvandongen |
markbrockhoff
added a commit
to markbrockhoff/oauth2-mock-server
that referenced
this issue
Aug 27, 2024
Instead of throwing an error if the post logout redirect url isn't present no redirect will happen but instead a simple page with the text "Logout successful" will be returned. It can be used to verify the logout e.g. during integration tests.
3 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Summary
The
post_logout_redirect_uri
is not required in the openid specification. https://openid.net/specs/openid-connect-rpinitiated-1_0.html#RPLogout ; However, the oauth2-mock-server checks for this anyway.Desired solution
The post logout redirect uri is not checked.
Alternative solutions
make it configurable somehow.
The text was updated successfully, but these errors were encountered: