luoluoyuyu commented on issue #6791:
URL: https://github.com/apache/apisix/issues/6791#issuecomment-1849447678

   hi @Revolyssup @ecoupal-believe @Sn0rt @mehmetcuneyit 
   PR(#8941) is adding the ability to customize the logout uri without finding 
the service definition `end_session_enpoint`, this is done using the 
`redirect_after_logout_uri` configuration. In the OpenID connect standard 
documentation, I didn't find any description of redirect_after_logout_uri, 
which is actually defined in https://github.com/zmartzone/lua-resty-openidc. I 
don't think using this configuration will solve the problem, but the core of 
the problem is still in the `redirect_after_logout_uri` configuration, which is 
defined in https://github.com/zmartzone/lua-resty-openidc. The core of the 
solution is `end_session_enpoint`, such as providing `end_session_enpoint` 
configuration in the discovery service provided by Google openID. Even if you 
use `redirect_after_logout_uri`, it won't logout correctly, it just redirects 
to `redirect_after_logout_uri`.
   
   As you can see in the code, if `redirect_after_logout_uri` exists then 
`redirect_after_logout_uri` is used. but they redirect with the same parameters.
   ```lua
       local uri
       if opts.redirect_after_logout_uri then
         uri = opts.redirect_after_logout_uri
       else
         uri = opts.discovery.end_session_endpoint
       end
       local params = {}
       if (opts.redirect_after_logout_with_id_token_hint or not 
opts.redirect_after_logout_uri) and session_token then
         params["id_token_hint"] = session_token
       end
       if opts.post_logout_redirect_uri then
         params["post_logout_redirect_uri"] = opts.post_logout_redirect_uri
       end
       return ngx.redirect(openidc_combine_uri(uri, params))
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to