From 34aba30cf7bcc2f9f0a624671446177e05dfc2b0 Mon Sep 17 00:00:00 2001 From: Curt Tudor Date: Thu, 7 Mar 2024 11:09:37 -0700 Subject: [PATCH] fix: improve Auth0 IdP logout (#267) --- src/oidc/utils.js | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/src/oidc/utils.js b/src/oidc/utils.js index 2cc66e1..0c7bde2 100644 --- a/src/oidc/utils.js +++ b/src/oidc/utils.js @@ -29,6 +29,7 @@ import { validateAuthResponse } from 'oauth4webapi'; import { isEqual } from 'lodash-es'; +import jwtDecode from 'jwt-decode'; export const discoverAuthServer = (issuerURL) => discoveryRequest(issuerURL).then(res => processDiscoveryResponse(issuerURL, res)); @@ -267,8 +268,16 @@ export const pkceLogout = async (oidcConfig, redirectURI) => { let asurl = new URL(authorizationServer.authorization_endpoint); if (asurl.hostname.includes('auth0.com')) { + + let decoded_access_token = jwtDecode(access_token); + let exp = decoded_access_token.exp; + let isExpired = false; + if (Date.now() >= exp * 1000) { + isExpired = true; + } + let url; - if (!isEqual(access_token, null)) { + if (!isEqual(access_token, null) && !isExpired) { url = `${asurl.protocol}//${asurl.hostname}/v2/logout?id_token_hint=${access_token}client_id=${oidcConfig.client_id}&returnTo=${redirectURI}`; } else { url = `${asurl.protocol}//${asurl.hostname}/v2/logout?client_id=${oidcConfig.client_id}&returnTo=${redirectURI}`;
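Review bot: The default import `import jwtDecode from 'jwt-decode'` in the first hunk only resolves on jwt-decode 3.x or earlier, because 4.x exports a named `jwtDecode` instead. The diffstat lists only src/oidc/utils.js, so the installed version, and whether the package is declared at all, cannot be confirmed from this patch. If it is not already a direct dependency, declare and pin it in the manifest in the same commit rather than relying on a transitive copy. On 4.x the line becomes `import { jwtDecode } from 'jwt-decode';`.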
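Review bot: In the second hunk `jwtDecode(access_token)` runs before the `!isEqual(access_token, null)` guard, so a null, opaque or malformed access token makes it throw before the Auth0 logout URL is built, which presumably leaves the IdP session in place. Move the decode inside the guard and handle the failure, e.g. `let isExpired = true;` followed by `try { isExpired = access_token == null || Date.now() >= jwtDecode(access_token).exp * 1000; } catch { /* not a decodable JWT: send no hint */ }`. The decode does not verify the signature, which is acceptable only because `exp` decides nothing more than whether a hint is sent; a comment saying so would keep it from being reused for an authorization check. On the unchanged line the new condition still reaches, `id_token_hint=${access_token}client_id=` lacks the `&` separator, passes an access token where an ID token is expected, and interpolates the token and `redirectURI` without `encodeURIComponent`. pkceLogout begins and ends outside the hunk, so the origin of `access_token` is not visible here.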