Missing logout_challenge query parameter on logout redirect #1635
Comments
barsaboowo
changed the title
|
Seems like you're hitting something similar to: #1634 While it's ok to obfuscate things (like the ID token or the hosts) that makes it insanely difficult to debug. |
|
Apologies. Token pasted below. In this case I was expecting a logout_challenge parameter to be sent as per https://www.ory.sh/docs/next/hydra/implementing-consent#logout However it is not sent to the redirect specified in the config. the redirect actually has the state and the id_token_hit query parameters. Whereas I can extract the id from the id_token_hint (which is the id token of the openid connect spec), I thought I would be able to get the logout_challenge and use it via the admin api to retrieve the logout request details: AdminApi.getLogoutRequest(logout_challenge). Here is the token |
|
We've hat several reports in the past regarding this functionality, it always boiled down to misconfiguration or misunderstanding how the flow works. Therefore, I've updated the docs:
Please read them, you will probably find the problem easily. It typically boils down to:
Unless you find more concrete proof of a bug (unlikely because the symptoms definitely speak for something of the list above), this will be closed. Please also read #1634 - it has several examples of what can go wrong. |
|
Thanks! I discovered that we are not setting remember to true. I will close this issue now. |
For request 'GET /hydra/logout?state=somelongvalue' [Missing parameter: logout_challenge]
Hydra version: 1.0.9
Environment: docker using image tagged "latest"
Config:
name: OIDC_SUBJECT_IDENTIFIERS_ENABLED
value: public
value: jwt
value: https://xxxxx
value: https://xxx/hydra/consent
value: https://xxxx/hydra/login
value: https:/xxxx/hydra/logout
value: memory
value: xxxxx
value: public,pairwise
value: xxxxx
Client setup:
hydra.exe clients create --skip-tls-verify --endpoint https:/xxxx:xxx --id "auth-id" -r token,id_token,code,"token id_token" -g implicit -a xxxx --callbacks https://www.getpostman.com/oauth2/callback,https://xxxxx/hydra/logout -a openid,offline --post-logout-callbacks https://xxxxx/hydra/logout
Request:
https://xxxx/oauth2/sessions/logout?post_logout_redirect_uri=https://xxxxx/hydra/logout&state=somelongvalue&id_token_hint=theidtoken
Logs:
time="2019-11-11T10:57:15Z" level=info msg="completed handling request" measure#hydra/public: https://xxxxx/.latency=856337 method=GET remote="xxxxx" request="/oauth2/sessions/logout?post_logout_redirect_uri=https://xxxxx/hydra/logout&state=somelongvalue&id_token_hint=theidtoken status=302 text_status=Found took="856.337µs"
The text was updated successfully, but these errors were encountered: