(Signicat Express) OIDC logout

Question:

Hi,

I'm trying to end the OIDC session with a logout. I can't find any documentation on this, but I found some clues in the demo page.

I request a logout with the following URI, and this renders a logout page with a logout button. When the logout button is clicked, no redirect is made. Is it possible to have automatic logout (without the button click) and redirect? How do I achieve this?

https://login-test.idfy.no/logout?post_logout_redirect_uri=http://localhost:3000


Answer:

In order to automatically log out the user, you need to provide an ID token of the user as the query parameter id_token_hint.

Example:

Identity Portal
post_logout_redirect_uri has no effect unless the id_token_hint parameter is provided.

The id_token_hint is used as proof that your application has previously authenticated the user, and is used to verify that your post_logout_redirect_uri is configured on your client.

Reply from OP
Is this information still correct? When looking at the well-known document, it says that the end_session endpoint is

https://login-test.signicat.io/connect/endsession

When we send a request to this URL, with a post_logout_redirect_uri parameter set, all that happens is the browser gets a 302 to

https://login-test.signicat.io/logout?logoutId=

But any request parameters set on the endsession endpoint are removed when this redirect happens. So the users always end up at the Signicat logout page.

UPDATE:

Turns out it does work, as long as the Post-logout redirect URIs are properly configured in the admin interface. If they don't match, it will not throw a warning, but just go to the Signicat logout page. I would love to see some logging in the admin interface about logout; there is zero information about that, and it could have helped in this scenario.
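
The logout request discussed in this thread, as an added example that is not part of the original posts or Signicat's own code: it builds the end-session URL from the discovery document and fails loudly on the two conditions the thread says are otherwise silent (no id_token_hint, or an unregistered post_logout_redirect_uri). The function names, the local `registeredUris` list and the exact-string comparison are assumptions.

```javascript
// Added example. Values marked "constructed" are sample data, not real credentials.
const discovery = {
  // end_session endpoint quoted in the thread from the well-known document
  end_session_endpoint: "https://login-test.signicat.io/connect/endsession",
};
// Assumption: a local copy of the client's "Post-logout redirect URIs"
// as entered in the admin interface (constructed).
const registeredUris = ["http://localhost:3000"];

// Exact string match first; otherwise look for an entry that differs only
// after URL normalisation (trailing slash, host case), a common near miss.
function checkRegistered(registered, candidate) {
  if (registered.includes(candidate)) return { ok: true, near: null };
  const norm = (u) => {
    try { return new URL(u).href.toLowerCase(); } catch { return null; }
  };
  const c = norm(candidate);
  const near = c ? registered.find((r) => norm(r) === c) : undefined;
  return { ok: false, near: near || null };
}

function buildLogoutUrl(discovery, registered, { idToken, postLogoutRedirectUri }) {
  if (!discovery.end_session_endpoint) {
    throw new Error("discovery document has no end_session_endpoint");
  }
  const url = new URL(discovery.end_session_endpoint);
  if (postLogoutRedirectUri !== undefined) {
    // The redirect parameter has no effect unless id_token_hint is sent.
    if (!idToken) throw new Error("post_logout_redirect_uri requires id_token_hint");
    // The provider falls back silently on a mismatch, so fail loudly here.
    const { ok, near } = checkRegistered(registered, postLogoutRedirectUri);
    if (!ok) {
      const hint = near ? ` (registered as "${near}")` : "";
      throw new Error(`post_logout_redirect_uri is not registered${hint}`);
    }
    url.searchParams.set("post_logout_redirect_uri", postLogoutRedirectUri);
  }
  if (idToken) url.searchParams.set("id_token_hint", idToken);
  return url.toString();
}
```

Pass the ID token your application received at login as `idToken`; a value such as `http://localhost:3000/` is rejected with a hint naming the registered `http://localhost:3000`.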