"The post_logout_redirect_uri is invalid" after upgrading from 1.36.4

[glen-84]

"The post_logout_redirect_uri is invalid" after upgrading from 1.36.4

Description

After upgrading from 1.36.4 we get: The post_logout_redirect_uri is invalid..

It's set to https%3A%2F%2Fstaging.example.net%2F (URL-decoded: https://staging.example.net/)

Affects versions

1.36.4 works.
1.36.5+ doesn't.

Steps to reproduce

Steps to reproduce the behavior:

1. Set the post_logout_redirect_uri to (for example): https://staging.example.net/
2. Set the configured logout URL to the same value.
   • (although this should not matter, otherwise it would restrict you to one logout URL)
3. Log out.

Expected behavior

Successful logout and redirection to the post_logout_redirect_uri.

Screenshots

Platform

• Device: Desktop
• OS: Windows 11
• Browser + version: Chrome 103
• Database: PostgreSQL 12.11 (Ubuntu 12.11-0ubuntu0.20.04.1)

Community guidelines

All issues filed in this repository must abide by the FusionAuth community guidelines.

Additional context

n/a

[mooreds]

We were previously incorrectly validating the post_logout_redirect_uri. The fix is to add this value to the authorized redirect urls list for an application, as documented here: https://fusionauth.io/docs/v1/tech/oauth/endpoints#logout

I'll make a note to update the release notes with this work around.

Do things work if you add the https://staging.example.net/ to the authorized redirect urls list?

Thanks!

[glen-84]

Ah, yes it does appear to fix the issue. Thank you.

Our list of authorized redirect URLs is becoming awkwardly long. I wish that OAuth2 allowed for wildcard URLs in the spec.

[mooreds]

Great! Can we close this issue? If so, please either close it or let me know and I'll do so.

w/r/t the authorized urls, please feel free to upvote this issue if you haven't yet: #437