Support endSession for Auth0 (not conform OIDC endpoint) #1197
Comments
So you are running with auth0 I think. Can you post your config? Take care of erasing sensitive data before posting :)
Here's my config:

```typescript
const openIdConfig: OpenIdConfiguration = {
  authority: 'https://****.eu.auth0.com',
  redirectUrl: 'http://localhost:4200',
  postLogoutRedirectUri: 'http://localhost:4200',
  clientId: '********************************',
  scope: 'openid profile offline_access email',
  responseType: 'code',
  silentRenew: true,
  useRefreshToken: true,
  customParamsRefreshTokenRequest: {
    scope: 'openid profile offline_access email'
  },
  logLevel: environment.production ? LogLevel.Error : LogLevel.Debug,
  postLoginRoute: '/',
  forbiddenRoute: '/forbidden',
  unauthorizedRoute: '/unauthorized',
  historyCleanupOff: true,
  triggerAuthorizationResultEvent: true
};
```

Btw, at the moment I fixed it with the following code:

```typescript
this.oidcSecurityService.logoffAndRevokeTokens().subscribe((result) => {
  if (!this.oidcSecurityService.getConfiguration().authWellknownEndpoints?.endSessionEndpoint) {
    const logoutRedirect = this.oidcSecurityService.getConfiguration().postLogoutRedirectUri;
    if (logoutRedirect) {
      this.document.location.href = logoutRedirect;
    }
  }
});
```

And I did some research and found the following in a Svelte library: https://github.com/dopry/svelte-oidc/blob/5401fed67175c6cdb512dca788cb2aba7bda8378/src/components/OidcContext.svelte#L83
That comment says what I thought but did not hope for 😂. Hmm... alright, this is a bug then. We have to look into this.
@jochenjonc if you want you can review the PR. What do you think? @damienbod what do you think?
Hi @jochenjonc If there is no end_session_endpoint the postLogoutRedirectUri is not used. This parameter is what the STS or the IDP, in your case Auth0, would redirect to after the end_session_endpoint has been requested. The IDP uses this to redirect back to the client once the sign-out is complete on the server. Since this is not supported, then it is not used, which is correct. Your solution is good but of course you are still logged in on the server. Greetings Damien
Looks like Auth0 does not support an OIDC-conforming end session
added a fix for this in version 12.0.2, thanks for reporting |
When switching from v11 to v12 I noticed that after a logout I was no longer redirected to the logout URL.
In the console debug log I found: "only local login cleaned up, no end_session_endpoint".
The cause is that the end_session_endpoint cannot be found in the .well-known/openid-configuration from Auth0.
I have two questions:
- angular-auth-oidc-client/projects/angular-auth-oidc-client/src/lib/logoffRevoke/logoff-revocation.service.ts, Lines 35 to 43 in 3de72d5
- angular-auth-oidc-client/projects/angular-auth-oidc-client/src/lib/utils/url/url.service.ts, Lines 97 to 101 in 3de72d5
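The logout decision this thread is about, as an added TypeScript example that is not the library's own code: when the discovery document carries an `end_session_endpoint`, build the OIDC RP-initiated logout URL (`id_token_hint`, `post_logout_redirect_uri`); when it does not, as with Auth0 here, only the local login can be cleaned up and the IdP session stays alive. The `WellKnown` and `LogoutConfig` shapes and the `planLogout` name are assumptions for this example.

```typescript
// Subset of .well-known/openid-configuration used here (assumed shape).
interface WellKnown {
  end_session_endpoint?: string;
}

// Subset of the client configuration from the thread (assumed shape).
interface LogoutConfig {
  postLogoutRedirectUri?: string;
}

type LogoutPlan =
  | { kind: "end_session"; url: string }   // IdP will end its session, then redirect back
  | { kind: "local_only"; url?: string };  // only local tokens cleared; IdP session persists

// Decide how a logoff should finish for a given discovery document.
function planLogout(wellKnown: WellKnown, cfg: LogoutConfig, idToken?: string): LogoutPlan {
  const endSession = wellKnown.end_session_endpoint;
  if (!endSession) {
    // Auth0 case from the issue: there is no standard endpoint to call, so the
    // server-side login remains; at most navigate to the configured URL locally.
    return { kind: "local_only", url: cfg.postLogoutRedirectUri };
  }
  // RP-initiated logout: the IdP validates post_logout_redirect_uri against the
  // client's registered URIs, so it is sent as a query parameter, not trusted blindly.
  const url = new URL(endSession);
  if (idToken) {
    url.searchParams.set("id_token_hint", idToken);
  }
  if (cfg.postLogoutRedirectUri) {
    url.searchParams.set("post_logout_redirect_uri", cfg.postLogoutRedirectUri);
  }
  return { kind: "end_session", url: url.toString() };
}

// Constructed sample discovery documents: one conforming, one Auth0-like.
const conformingIdp: WellKnown = { end_session_endpoint: "https://idp.example/oidc/logout" };
const auth0Like: WellKnown = {};
const cfg: LogoutConfig = { postLogoutRedirectUri: "http://localhost:4200" };

function demo(): LogoutPlan[] {
  return [
    planLogout(conformingIdp, cfg, "eyJ.constructed.idtoken"),
    planLogout(auth0Like, cfg, "eyJ.constructed.idtoken"),
  ];
}
```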