Require a redirect flow for end_session endpoint handling about appauth-js HOT 17 OPEN

still not support for this?

from appauth-js.

It works to me:

export const logout = () => AuthorizationServiceConfiguration.fetchFromIssuer(process.env.OPENID_CONFIG_URL, new FetchRequestor())
  .then((configResponse) => {
    const idTokenHint = JSON.parse(window.localStorage.getItem('token'))?.idToken // LocalStorage from browser
    const logoutReqURL = `${configResponse.endSessionEndpoint}?id_token_hint=${idTokenHint}&post_logout_redirect_uri=${process.env.OPENID_REDIRECT_URL}`
    return (window.location.href = logoutReqURL)
  })

from appauth-js.

This is the current draft of the logout spec http://openid.net/specs/openid-connect-session-1_0.html#RPLogout (Section 5, in draft 28), and what we implemented in AppAuth for iOS. Note that the one linked in the previous comment is a very old draft (version -00) that should not be used. As a warning, the FrontChannel draft contains some duplicated information is also a little out of sync – so be sure to use the correct authoritative draft for Logout.

Before implementing EndSession on iOS, we refactored APIs related to opening the Authorization Request in the user agent, and made them generic. That was done in: openid/AppAuth-iOS#212. So now "Authorization Requests" and "End Session" requests are specializations of a generic "External User Agent" request. Once that change was made, supporting EndSession was fairly simple.

from appauth-js.

See also the same feature request for AppAuth for Android.

from appauth-js.

Hello @danilocontini !

I'm actually doing the same logout/end_session for keycloak and I tried your code but it's only works without the param. With the param I get an error "Invalid parameter: id_token_hint" . The fact is I don't really know what is the idTokenHint. It's the accessToken/refreshToken of the user ? Could you tell me what you put in this variable if you don't mind ?

Have a nice day !

from appauth-js.

Hi @markphillips100. Sorry about the delay. I promise to take a look at this soon. Is there a public provider implements end session handling ? Also, is there an RFC that I can look it ?

from appauth-js.

I only know of the open id specs: http://openid.net/specs/openid-connect-session-1_0-00.html. As for support from public openid providers I imagine all that say they are "open id compliant" would implement the end_session (single sign-out) endpoint. As an example, AAD v2.0 does: AAD single sign-out.

If you want an example of a really good JS client library implementing all the openid endpoints I highly recommend oidc-client-js. It's specifically written for Single-Page App Javascript clients using the Implicit flow so not suitable for a native app. However, its use of end_session, token, and also quite importantly, jwks_uri endpoint for validation should be useful examples.

from appauth-js.

@tikurahul is it likely that this library will support something like what @WilliamDenniss described? So, assuming end session and user info endpoints don't get implemented, we can at least extend the library for that support.

My fork adds support for end session and userinfo because I need them but would prefer a way of extending the library externally. I admit I haven't looked at the v1 release to see if I still need to do this.

from appauth-js.

AppAuth-JS 1.0 does not yet support the end session redirect handler and the userInfo API. Both I think would be very useful to have. There are some structural changes in AppAuth-JS 1.0, but for the most part your commits look very reasonable additions to the library. When you say you wanted to extend the library - were you referring to dedicated APIs ? You have already extended the library afaict. 😃

from appauth-js.

from appauth-js.

there's any estimate for integrate this? I think that end session i really important, build an app and don't let the user to sign-out or end the session is like to deliver something incomplete

from appauth-js.

If you are using ionic you could use my package, it is built off app-auth-js and included both user info and end session handlers. ionic-appauth

from appauth-js.

Any updates on how to logout/ end_session? I would love to have this feature.

from appauth-js.

any reason why the end session redirect handler has not yet been added to the library? would you appreciate a PR regarding the end session redirect handler?

from appauth-js.

Any updates? Just had this come up in the app I'm currently tasked with working on

from appauth-js.

Still no way to logout/end_session?

from appauth-js.

@cocoBiturbo

A bit late, but for future readers:
What danilocontini posted worked for me with Keycloak, you need to inject the idToken which you receive in your token request:

tokenHandler.performTokenRequest(authServiceConfiguration, tokenRequest)
  .then((tokenResponse) => {
    // tokenResponse.idToken   <<<<<<<<<<<<
    ....
  })

In my case I received Invalid parameter: id_token_hint when I accidentally tried to inject the decoded idToken Json object instead of the encoded idToken JWT String, which works.

from appauth-js.