/oauth2/sign_out
end point should redirect the user to the providers end_session_endpoint
by default
#2372
Labels
/oauth2/sign_out
end point should redirect the user to the providers end_session_endpoint
by default
#2372
Expected Behavior
When I refer the user to
/oauth2/sign_out
then afteroauth2 proxy
deletes it's cookies it would be great if we redirect the user to the end session end point.end_session_endpoint
Also, perhaps we shouldn't need to add the URL to a whitelist, as it's already defined in the openid configuration.
Current Behavior
Currently my application needs to know the end session endpoint and include that in the
rd
redirect parameter. I also have to manage a white list.Apart from that my app is unaware of the OIDC config.
Possible Solution
If I don't supply the
rd
redirect then perhaps forward the user to theend_session_endpoint
by default?I'm not sure of the consequences of this for other users, but for me this would have saved some time figuring out the sign out mechanism.
Context
Currently we will have to build code to pass the
end_session_endpoint
into the app, then add this to anrd
parameter.But the config already exists in Oauth2 so it seems a shame not to use it.
The text was updated successfully, but these errors were encountered: