Don't require post_logout_redirect_uri
#233
Comments
|
I was able to work around this by creating a custom endpoint: const server = new OAuth2Server();
server.service.requestHandler.get(`/connect/endSession`, (req, res) => {
server.service.emit("customBeforePostLogoutRedirect", req, res);
res.status(204).end();
});
await server.issuer.keys.add(key);
await server.start(port, "0.0.0.0"); |
|
Hi, I just ran into the exact same issue. @meesvandongen could you reopen the issue? Even though you found a workaround I still belive this should be fixed within the library. |
|
Thanks @meesvandongen |
markbrockhoff
added a commit
to markbrockhoff/oauth2-mock-server
that referenced
this issue
Aug 27, 2024
Instead of throwing an error if the post logout redirect url isn't present no redirect will happen but instead a simple page with the text "Logout successful" will be returned. It can be used to verify the logout e.g. during integration tests.
3 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Summary
The
post_logout_redirect_uriis not required in the openid specification. https://openid.net/specs/openid-connect-rpinitiated-1_0.html#RPLogout ; However, the oauth2-mock-server checks for this anyway.Desired solution
The post logout redirect uri is not checked.
Alternative solutions
make it configurable somehow.
The text was updated successfully, but these errors were encountered: