Logging out of uoft hub does not actually log you out #956

Closed
GeorgianaElena opened this issue Jan 31, 2022 · 1 comment · Fixed by #972
Comments

@GeorgianaElena
Member

Description of problem and opportunity to address it

Context to understand the problem
When logging out of the UToronto hub, you're not actually being logged out, so a second attempt to log in won't show you the University of Toronto login service page and you'll be logged in automatically.

Problem or idea
Once the logout button in hub is pressed, the user should be taken to the UofT login service screen.

Proposed solution
We had a similar issue with the Auth0 Authenticator before #422 that we managed to solve by enabling a custom logout_url to be set up for any of the hub OAuthenticator types. We did set up a logout_url for the Auth0 authenticator:

    "logout_redirect_url": str(
        URL(f"https://{self.domain}/v2/logout").with_query(
            logout_redirect_params
        )
    ),

But since the Toronto hub uses the AzureAdOAuthenticator, we need to figure out the logout_url for that and configure it. (Maybe some useful docs)

What's the value and who would benefit
This would allow uoft users to completely log out of their hubs and close their sessions.

Implementation guide and constraints

No response

Updates and ongoing work

No response
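
One way to build the logout URL the issue asks for, as an added example that is not code from the issue or from #972. It assumes the Microsoft identity platform v2.0 sign-out endpoint with its `post_logout_redirect_uri` parameter; the helper name `azure_logout_url`, the tenant and the hub address are hypothetical.

```python
import re
from urllib.parse import urlencode, urlsplit

# Microsoft identity platform v2.0 sign-out endpoint (assumption: not taken
# from the issue, which leaves the Azure AD logout URL to be worked out).
AZURE_LOGOUT_ENDPOINT = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/logout"

# A tenant is a GUID, a verified domain, or a keyword such as "common".
TENANT_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]*")


def azure_logout_url(tenant, return_to, allowed_hosts):
    """Build the IdP logout URL that ends the Azure AD session and then
    sends the browser back to `return_to` (hypothetical helper)."""
    if not TENANT_RE.fullmatch(tenant):
        raise ValueError(f"unexpected tenant value: {tenant!r}")
    target = urlsplit(return_to)
    # Only return users to an https page on a host we operate, so the
    # logout link cannot be repurposed as an open redirect.
    if target.scheme != "https" or target.hostname not in allowed_hosts:
        raise ValueError(f"refusing post-logout redirect to {return_to!r}")
    query = urlencode({"post_logout_redirect_uri": return_to})
    return AZURE_LOGOUT_ENDPOINT.format(tenant=tenant) + "?" + query


if __name__ == "__main__":
    # Constructed sample values. In the hub configuration the result would be
    # used as the authenticator's logout_redirect_url, the same key as in the
    # Auth0 snippet above.
    print(azure_logout_url(
        "contoso.onmicrosoft.com",
        "https://hub.example.org/hub/login",
        {"hub.example.org"},
    ))
```

Azure AD only honours `post_logout_redirect_uri` when it matches a redirect URI registered for the application.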

@GeorgianaElena
Member Author

Reiterating on this comment from the PR:

Also, there's something that's bugging me about this logout on multiple levels process

Should we in fact log users out of their SSO?

Isn't the purpose of having Single sign-on to help with logging into apps that use this scheme with the same account a user is logged into their SSO? I'm a bit confused about all these levels of logging out and what is and is not expected

This is how #972 is behaving on staging:
[Image: utoronto-logout]

So even if you choose "Keep me signed in", you won't be.

HOWEVER
Without #972, if you choose to not be kept signed in, you will be kept signed in still.

So, it looks like either option breaks some assumptions.
