Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

openid-connect-session RPLogout does not work without id token #322

Closed
danielwegener opened this issue May 17, 2018 · 1 comment
Closed

openid-connect-session RPLogout does not work without id token #322

danielwegener opened this issue May 17, 2018 · 1 comment
Labels
feature-request Improvements and additions to the library.

Comments

@danielwegener
Copy link

Hi there. I have disabled the id_token in my auth configuration (since I do not need it). The spec (https://openid.net/specs/openid-connect-session-1_0.html#RPLogout) suggests to provide an id_token_hint, but it is not mandatory. However, angular-oauth2-oidc does seem to skip the OP logout redirect if no id_token is available (see https://github.com/manfredsteyer/angular-oauth2-oidc/blob/master/projects/lib/src/oauth-service.ts#L1701).
I wonder if we could remove this if-condition and simply omit the id_token_hint.
@manfredsteyer
Copy link
Owner

Good idea. I would say, when there is a postLogoutRedirectUri, we redirect to it regardless whether there is an id_token or not. Will be part of the next release.

@manfredsteyer manfredsteyer added the feature-request Improvements and additions to the library. label May 20, 2018
manfredsteyer added a commit that referenced this issue May 20, 2018
@manfredsteyer
#322
2c6ba16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature-request Improvements and additions to the library.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@manfredsteyer @danielwegener