Merge pull request #267 from auth0/fix-id-token-hint-on-logout
Get the ID Token before deleting the session
adamjmcgrath committed Feb 1, 2021
2 parents c50c5f5 + d656699 commit 54894c6
Showing 2 changed files with 7 additions and 3 deletions.
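--- a/src/auth0-session/handlers/logout.ts
+++ b/src/auth0-session/handlers/logout.ts
@@ -32,6 +32,7 @@ export default function logoutHandlerFactory(
 return;
 }
 
+const idToken = sessionCache.getIdToken(req, res);
 sessionCache.delete(req, res);
 
 if (!config.idpLogout) {
@@ -46,7 +47,7 @@ export default function logoutHandlerFactory(
 const client = await getClient();
 returnURL = client.endSessionUrl({
 post_logout_redirect_uri: returnURL,
-id_token_hint: sessionCache.getIdToken(req, res)
+id_token_hint: idToken
 });
 
 debug('logging out of identity provider, redirecting to %s', returnURL);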
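Review bot: The context line `debug('logging out of identity provider, redirecting to %s', returnURL);` at the end of the second hunk now writes the raw ID token to the debug log, because with this fix `id_token_hint` is actually populated in the end-session URL. An ID token is a signed JWT carrying user claims, so it should stay out of log output; log the URL without its query string instead, e.g. `debug('logging out of identity provider, redirecting to %s', returnURL.split('?')[0]);` (assuming `returnURL` is a string at this point). A comment above the new read, such as `// Read the ID token first: sessionCache.delete() clears the session it comes from.`, would keep the ordering from being undone later. The handler's body starts and ends outside both hunks.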
7 changes: 5 additions & 2 deletions tests/auth0-session/handlers/logout.test.ts
Expand Up @@ -55,7 +55,7 @@ describe('logout route', () => {
});

it('should perform a distributed logout', async () => {
const baseURL = await setup({ ...defaultConfig, idpLogout: true });
const baseURL = await setup({ ...defaultConfig, auth0Logout: false, idpLogout: true });
const cookieJar = await login(baseURL);

const session: SessionResponse = await get(baseURL, '/session', { cookieJar });
Expand All @@ -71,7 +71,10 @@ describe('logout route', () => {
hostname: 'op.example.com',
pathname: '/session/end',
protocol: 'https:',
query: expect.objectContaining({ post_logout_redirect_uri: baseURL })
query: {
post_logout_redirect_uri: baseURL,
id_token_hint: session.id_token
}
});
});

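Review bot: The exact `query` match in the second hunk can pass vacuously when `session.id_token` is undefined, because the expected object then carries no real hint and a redirect without `id_token_hint` would likely still compare equal; that is the regression this test is meant to catch. Pin the precondition right after the `/session` fetch in the first hunk with `expect(session.id_token).toBeTruthy();`. The matcher call wrapping this object and the rest of the `it` body lie outside the visible lines, so confirm which equality semantics it uses.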
