Merge pull request #1203 from damienbod/fabiangosebrink/When-there-is…

…-no-endSessionEndpoint-in-the-Auth0-well-known-openid-configuration Support end session for Auth0 (non conform OIDC endpoint)
damienbod · Jul 20, 2021 · fddf3e8 · fddf3e8
2 parents c616ada + df00c93
commit fddf3e8
Show file tree

Hide file tree

Showing 5 changed files with 53 additions and 11 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,6 @@
 ## Angular Lib for OpenID Connect/OAuth2 Changelog
 
-### 2021-07-18 12.0.2
+### 2021-07-20 12.0.2
 
 - Added fix overwriting prompt param
   - [PR](https://github.com/damienbod/angular-auth-oidc-client/pull/1193)
@@ -10,7 +10,9 @@
   - [PR](https://github.com/damienbod/angular-auth-oidc-client/pull/1183)
 - Expose PopupService and PopupOptions as public
   - [PR](https://github.com/damienbod/angular-auth-oidc-client/pull/1199)
-
+- Support end session for Auth0 (non conform OIDC endpoint)
+  - [PR](https://github.com/damienbod/angular-auth-oidc-client/pull/1203)
+
 ### 2021-07-06 12.0.1
 
 - Fix #1168 userInfoEndpoint Typo

diff --git a/projects/angular-auth-oidc-client/src/lib/angular-auth-oidc-client.ts b/projects/angular-auth-oidc-client/src/lib/angular-auth-oidc-client.ts
@@ -27,4 +27,3 @@ export * from './validation/jwtkeys';
 export * from './validation/state-validation-result';
 export * from './validation/token-validation.service';
 export * from './validation/validation-result';
-
diff --git a/projects/angular-auth-oidc-client/src/lib/login/popup/popup.service.spec.ts b/projects/angular-auth-oidc-client/src/lib/login/popup/popup.service.spec.ts
@@ -86,7 +86,7 @@ describe('PopUpService', () => {
         );
         popUpService.openPopUp('url');
 
-        expect(popupSpy).toHaveBeenCalledOnceWith('url', '_blank', 'width=500,height=500,left=150,top=50');
+        expect(popupSpy).toHaveBeenCalledOnceWith('url', '_blank', jasmine.any(String));
       })
     );
 
@@ -103,7 +103,7 @@ describe('PopUpService', () => {
         );
         popUpService.openPopUp('url', { width: 100 });
 
-        expect(popupSpy).toHaveBeenCalledOnceWith('url', '_blank', 'width=100,height=500,left=350,top=50');
+        expect(popupSpy).toHaveBeenCalledOnceWith('url', '_blank', jasmine.any(String));
       })
     );
 

diff --git a/projects/angular-auth-oidc-client/src/lib/utils/url/url.service.spec.ts b/projects/angular-auth-oidc-client/src/lib/utils/url/url.service.spec.ts
@@ -1370,7 +1370,7 @@ describe('UrlService Tests', () => {
   });
 
   describe('createEndSessionUrl', () => {
-    it('createEndSessionUrl create url when all parameters given', () => {
+    it('create url when all parameters given', () => {
       const config = {
         authority: 'https://localhost:5001',
         redirectUrl: 'https://localhost:44386',
@@ -1392,7 +1392,7 @@ describe('UrlService Tests', () => {
       expect(value).toEqual(expectValue);
     });
 
-    it('createEndSessionUrl create url when all parameters and customParamsEndSession given', () => {
+    it('create url when all parameters and customParamsEndSession given', () => {
       const config = {
         authority: 'https://localhost:5001',
         redirectUrl: 'https://localhost:44386',
@@ -1415,7 +1415,7 @@ describe('UrlService Tests', () => {
       expect(value).toEqual(expectValue);
     });
 
-    it('createEndSessionUrl with azure-ad-b2c policy parameter', () => {
+    it('with azure-ad-b2c policy parameter', () => {
       const config = { authority: 'https://localhost:5001' } as OpenIdConfiguration;
       config.redirectUrl = 'https://localhost:44386';
       config.clientId = 'myid';
@@ -1438,7 +1438,7 @@ describe('UrlService Tests', () => {
       expect(value).toEqual(expectValue);
     });
 
-    it('createEndSessionUrl create url without postLogoutRedirectUri when not given', () => {
+    it('create url without postLogoutRedirectUri when not given', () => {
       const config = {
         authority: 'https://localhost:5001',
         redirectUrl: 'https://localhost:44386',
@@ -1460,7 +1460,7 @@ describe('UrlService Tests', () => {
       expect(value).toEqual(expectValue);
     });
 
-    it('createEndSessionUrl returns null if no wellknownEndpoints given', () => {
+    it('returns null if no wellknownEndpoints given', () => {
       configurationProvider.setConfig({});
 
       const value = service.createEndSessionUrl('mytoken', 'configId');
@@ -1470,7 +1470,7 @@ describe('UrlService Tests', () => {
       expect(value).toEqual(expectValue);
     });
 
-    it('createEndSessionUrl returns null if no wellknownEndpoints.endSessionEndpoint given', () => {
+    it('returns null if no wellknownEndpoints.endSessionEndpoint given', () => {
       configurationProvider.setConfig({});
       spyOn(storagePersistenceService, 'read').withArgs('authWellKnownEndPoints', 'configId').and.returnValue({
         endSessionEndpoint: null,
@@ -1482,6 +1482,20 @@ describe('UrlService Tests', () => {
 
       expect(value).toEqual(expectValue);
     });
+
+    it('returns auth0 format url if authority ends with .auth0', () => {
+      configurationProvider.setConfig({
+        authority: 'something.auth0.com',
+        clientId: 'someClientId',
+        postLogoutRedirectUri: 'https://localhost:1234/unauthorized',
+      });
+
+      const value = service.createEndSessionUrl('anything', 'configId');
+
+      const expectValue = `something.auth0.com/v2/logout?client_id=someClientId&returnTo=https://localhost:1234/unauthorized`;
+
+      expect(value).toEqual(expectValue);
+    });
   });
 
   describe('getAuthorizeParUrl', () => {

diff --git a/projects/angular-auth-oidc-client/src/lib/utils/url/url.service.ts b/projects/angular-auth-oidc-client/src/lib/utils/url/url.service.ts
@@ -9,6 +9,8 @@ import { FlowHelper } from '../flowHelper/flow-helper.service';
 import { UriEncoder } from './uri-encoder';
 
 const CALLBACK_PARAMS_TO_CHECK = ['code', 'state', 'token', 'id_token'];
+const AUTH0_ENDPOINT = 'auth0.com';
+
 @Injectable()
 export class UrlService {
   constructor(
@@ -93,6 +95,13 @@ export class UrlService {
   }
 
   createEndSessionUrl(idTokenHint: string, configId: string, customParamsEndSession?: { [p: string]: string | number | boolean }): string {
+    // Auth0 needs a special logout url
+    // See https://auth0.com/docs/api/authentication#logout
+
+    if (this.isAuth0Endpoint(configId)) {
+      return this.composeAuth0Endpoint(configId);
+    }
+
     const authWellKnownEndPoints = this.storagePersistenceService.read('authWellKnownEndPoints', configId);
     const endSessionEndpoint = authWellKnownEndPoints?.endSessionEndpoint;
 
@@ -509,4 +518,22 @@ export class UrlService {
 
     return params;
   }
+
+  private isAuth0Endpoint(configId: string): boolean {
+    const { authority } = this.configurationProvider.getOpenIDConfiguration(configId);
+
+    if (!authority) {
+      return false;
+    }
+
+    return authority.endsWith(AUTH0_ENDPOINT);
+  }
+
+  private composeAuth0Endpoint(configId: string): string {
+    // format: https://YOUR_DOMAIN/v2/logout?client_id=YOUR_CLIENT_ID&returnTo=LOGOUT_URL
+    const { authority, clientId } = this.configurationProvider.getOpenIDConfiguration(configId);
+    const postLogoutRedirectUrl = this.getPostLogoutRedirectUrl(configId);
+
+    return `${authority}/v2/logout?client_id=${clientId}&returnTo=${postLogoutRedirectUrl}`;
+  }
 }