fix: AuthManager logout (#1767)

Co-authored-by: Dom Murray <[email protected]>
immutable · May 11, 2024 · 626130a · 626130a
1 parent fe50da2
commit 626130a
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 31 deletions.
diff --git a/packages/passport/sdk/src/authManager.test.ts b/packages/passport/sdk/src/authManager.test.ts
@@ -148,13 +148,13 @@ describe('AuthManager', () => {
     });
 
     describe('when a logoutRedirectUri is specified', () => {
-      it('should set the endSessionEndpoint `post_logout_redirect_uri` and `client_id` query string params', () => {
+      it('should set the endSessionEndpoint `returnTo` and `client_id` query string params', () => {
         const configWithLogoutRedirectUri = getConfig({ logoutRedirectUri });
         const am = new AuthManager(configWithLogoutRedirectUri);
 
         const uri = new URL(logoutEndpoint, `https://${authenticationDomain}`);
         uri.searchParams.append('client_id', clientId);
-        uri.searchParams.append('post_logout_redirect_uri', logoutRedirectUri);
+        uri.searchParams.append('returnTo', logoutRedirectUri);
 
         expect(am).toBeDefined();
         expect(UserManager).toBeCalledWith(expect.objectContaining({
@@ -286,15 +286,6 @@ describe('AuthManager', () => {
   });
 
   describe('logout', () => {
-    it('should build the correct logout object', async () => {
-      mockGetUser.mockReturnValue(mockOidcUser);
-
-      const am = new AuthManager(getConfig({ logoutRedirectUri }));
-      const logoutArgs = await am.getLogoutArgs();
-
-      expect(logoutArgs.id_token_hint).toEqual(mockUser.idToken);
-    });
-
     it('should call redirect logout if logout mode is redirect', async () => {
       const configuration = getConfig({
         logoutMode: 'redirect',
@@ -500,7 +491,7 @@ describe('AuthManager', () => {
   describe('getDeviceFlowEndSessionEndpoint', () => {
     describe('with a logged in user', () => {
       describe('when a logoutRedirectUri is specified', () => {
-        it('should set the endSessionEndpoint `post_logout_redirect_uri` and `client_id` query string params', async () => {
+        it('should set the endSessionEndpoint `returnTo` and `client_id` query string params', async () => {
           mockGetUser.mockReturnValue(mockOidcUser);
 
           const am = new AuthManager(getConfig({ logoutRedirectUri }));
@@ -510,12 +501,12 @@ describe('AuthManager', () => {
           expect(uri.hostname).toEqual(authenticationDomain);
           expect(uri.pathname).toEqual(logoutEndpoint);
           expect(uri.searchParams.get('client_id')).toEqual(clientId);
-          expect(uri.searchParams.get('id_token_hint')).toEqual(mockUser.idToken);
+          expect(uri.searchParams.get('returnTo')).toEqual(logoutRedirectUri);
         });
       });
 
       describe('when no post_logout_redirect_uri is specified', () => {
-        it('should return the endSessionEndpoint without a `post_logout_redirect_uri` or `client_id` query string params', async () => {
+        it('should return the endSessionEndpoint without a `returnTo` or `client_id` query string params', async () => {
           mockGetUser.mockReturnValue(mockOidcUser);
 
           const am = new AuthManager(getConfig());
@@ -525,7 +516,6 @@ describe('AuthManager', () => {
           expect(uri.hostname).toEqual(authenticationDomain);
           expect(uri.pathname).toEqual(logoutEndpoint);
           expect(uri.searchParams.get('client_id')).toEqual(clientId);
-          expect(uri.searchParams.get('id_token_hint')).toEqual(mockUser.idToken);
         });
       });
     });

diff --git a/packages/passport/sdk/src/authManager.ts b/packages/passport/sdk/src/authManager.ts
@@ -3,7 +3,6 @@ import {
   ErrorTimeout,
   InMemoryWebStorage,
   User as OidcUser,
-  SignoutRedirectArgs,
   UserManager,
   UserManagerSettings,
   WebStorageStateStore,
@@ -50,7 +49,7 @@ const getAuthConfiguration = (config: PassportConfiguration): UserManagerSetting
   const endSessionEndpoint = new URL(logoutEndpoint, authenticationDomain.replace(/^(?:https?:\/\/)?(.*)/, 'https://$1'));
   endSessionEndpoint.searchParams.set('client_id', oidcConfiguration.clientId);
   if (oidcConfiguration.logoutRedirectUri) {
-    endSessionEndpoint.searchParams.set('post_logout_redirect_uri', oidcConfiguration.logoutRedirectUri);
+    endSessionEndpoint.searchParams.set('returnTo', oidcConfiguration.logoutRedirectUri);
   }
 
   const baseConfiguration: UserManagerSettings = {
@@ -358,22 +357,13 @@ export default class AuthManager {
     return response.data;
   }
 
-  public async getLogoutArgs(): Promise<SignoutRedirectArgs> {
-    const user = await this.getUser();
-
-    return {
-      id_token_hint: user?.idToken,
-    };
-  }
-
   public async logout(): Promise<void> {
     return withPassportError<void>(
       async () => {
-        const logoutArgs = await this.getLogoutArgs();
         if (this.logoutMode === 'silent') {
-          return this.userManager.signoutSilent(logoutArgs);
+          return this.userManager.signoutSilent();
         }
-        return this.userManager.signoutRedirect(logoutArgs);
+        return this.userManager.signoutRedirect();
       },
       PassportErrorType.LOGOUT_ERROR,
     );
@@ -393,9 +383,7 @@ export default class AuthManager {
     const endSessionEndpoint = new URL(logoutEndpoint, authenticationDomain);
     endSessionEndpoint.searchParams.set('client_id', oidcConfiguration.clientId);
 
-    const logoutArgs = await this.getLogoutArgs();
-    if (logoutArgs.id_token_hint) endSessionEndpoint.searchParams.set('id_token_hint', logoutArgs.id_token_hint);
-    if (logoutArgs.post_logout_redirect_uri) endSessionEndpoint.searchParams.set('post_logout_redirect_uri', logoutArgs.post_logout_redirect_uri);
+    if (oidcConfiguration.logoutRedirectUri) endSessionEndpoint.searchParams.set('returnTo', oidcConfiguration.logoutRedirectUri);
 
     return endSessionEndpoint.toString();
   }