Fix logout with Cognito

src/main/java/com/mycompany/myapp/web/rest/LogoutResource.java

@@ -1,10 +1,8 @@
 package com.mycompany.myapp.web.rest;
 
 import org.springframework.http.ResponseEntity;
-import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
-import org.springframework.security.oauth2.core.oidc.OidcIdToken;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RestController;
 import javax.servlet.http.HttpServletRequest;
@@ -26,18 +24,13 @@ public LogoutResource(ClientRegistrationRepository registrations) {
      * {@code POST  /api/logout} : logout the current user.
      *
      * @param request the {@link HttpServletRequest}.
-     * @param idToken the ID token.
      * @return the {@link ResponseEntity} with status {@code 200 (OK)} and a body with a global logout URL and ID token.
      */
     @PostMapping("/api/logout")
-    public ResponseEntity<?> logout(HttpServletRequest request,
-                                    @AuthenticationPrincipal(expression = "idToken") OidcIdToken idToken) {
-        String logoutUrl = this.registration.getProviderDetails()
-            .getConfigurationMetadata().get("end_session_endpoint").toString();
-
+    public ResponseEntity<?> logout(HttpServletRequest request) {
         Map<String, String> logoutDetails = new HashMap<>();
-        logoutDetails.put("logoutUrl", logoutUrl);
-        logoutDetails.put("idToken", idToken.getTokenValue());
+        logoutDetails.put("logoutUrl", "https://DOMAIN.auth.REGION.amazoncognito.com/logout");
+        logoutDetails.put("clientId", registration.getClientId());
         request.getSession().invalidate();
         return ResponseEntity.ok().body(logoutDetails);
     }

src/main/webapp/app/core/login/login.service.ts

@@ -16,17 +16,7 @@ export class LoginService {
 
   logout(): void {
     this.authServerProvider.logout().subscribe((logout: Logout) => {
-      let logoutUrl = logout.logoutUrl;
-      const redirectUri = `${location.origin}${this.location.prepareExternalUrl('/')}`;
-
-      // if Keycloak, uri has protocol/openid-connect/token
-      if (logoutUrl.includes('/protocol')) {
-        logoutUrl = logoutUrl + '?redirect_uri=' + redirectUri;
-      } else {
-        // Okta
-        logoutUrl = logoutUrl + '?id_token_hint=' + logout.idToken + '&post_logout_redirect_uri=' + redirectUri;
-      }
-      window.location.href = logoutUrl;
+      window.location.href = `${logout.logoutUrl}?client_id=${logout.clientId}&logout_uri=${location.origin}`;
     });
   }
 }

src/main/webapp/app/core/login/logout.model.ts

@@ -1,3 +1,3 @@
 export class Logout {
-  constructor(public idToken: string, public logoutUrl: string) {}
+  constructor(public clientId: string, public logoutUrl: string) {}
 }