solid-auth-client icon indicating copy to clipboard operation
solid-auth-client copied to clipboard
verified publisher icon nodeSolidServer

Use logoutRequest instead of logout

Open RubenVerborgh opened this issue 7 years ago • 8 comments

https://github.com/solid/node-solid-server/pull/835#issuecomment-426430501

RubenVerborgh avatar Oct 02 '18 21:10 RubenVerborgh

This is for 5.0.0, since that's when we have the other stuff refactored?

kjetilk avatar Oct 02 '18 23:10 kjetilk

It's the client; it evolves independently.

RubenVerborgh avatar Oct 02 '18 23:10 RubenVerborgh

Uhm, slaps forehead

kjetilk avatar Oct 03 '18 10:10 kjetilk

@dmitrizagidulin What parameters should I call logoutRequest with? I currently just get /logout back; no OIDC parameters in there.

RubenVerborgh avatar Oct 06 '18 20:10 RubenVerborgh

Excellent question. So, the logoutRequest docstring goes into detail on each parameter, but I'll summarize:

  • id_token_hint (required for our workflow) - this is the serialized ID Token from the session object. It serves to authenticate the user to the logout endpoint, etc.
  • post_logout_redirect_uri (optional but useful) - the url that the user gets redirected to after logout. Must be pre-registered btw (during the time of client dynamic registration).
  • state (highly optional, depends on the app) - Opaque value used by the RP to maintain state between the logout request and the callback to the endpoint specified by the post_logout_redirect_uri query parameter.

Do those make sense?

dmitrizagidulin avatar Oct 06 '18 22:10 dmitrizagidulin

@dmitrizagidulin But where do I get id_token_hint from?

RubenVerborgh avatar Oct 06 '18 22:10 RubenVerborgh

It’s just the ‘id_token’ from session

dmitrizagidulin avatar Oct 06 '18 22:10 dmitrizagidulin

Ok let me try that, thanks!

RubenVerborgh avatar Oct 06 '18 22:10 RubenVerborgh