luoluoyuyu commented on issue #6791: URL: https://github.com/apache/apisix/issues/6791#issuecomment-1849447678
Hi @Revolyssup @ecoupal-believe @Sn0rt @mehmetcuneyit, PR (#8941) is adding the ability to customize the logout URI without finding the service definition `end_session_endpoint`; this is done using the `redirect_after_logout_uri` configuration. In the OpenID Connect standard documentation, I didn't find any description of `redirect_after_logout_uri`, which is actually defined in https://github.com/zmartzone/lua-resty-openidc.

I don't think using this configuration will solve the problem, but the core of the problem is still in the `redirect_after_logout_uri` configuration, which is defined in https://github.com/zmartzone/lua-resty-openidc. The core of the solution is `end_session_endpoint`, such as providing the `end_session_endpoint` configuration in the discovery service provided by Google OpenID. Even if you use `redirect_after_logout_uri`, it won't log out correctly, it just redirects to `redirect_after_logout_uri`.

As you can see in the code, if `redirect_after_logout_uri` exists then `redirect_after_logout_uri` is used. But they redirect with the same parameters.

```lua
local uri
if opts.redirect_after_logout_uri then
  -- an explicitly configured URI takes precedence over discovery
  uri = opts.redirect_after_logout_uri
else
  uri = opts.discovery.end_session_endpoint
end
local params = {}
-- id_token_hint is sent when using the discovered endpoint, or when
-- redirect_after_logout_with_id_token_hint is set for the configured URI
if (opts.redirect_after_logout_with_id_token_hint or not opts.redirect_after_logout_uri) and session_token then
  params["id_token_hint"] = session_token
end
if opts.post_logout_redirect_uri then
  params["post_logout_redirect_uri"] = opts.post_logout_redirect_uri
end
return ngx.redirect(openidc_combine_uri(uri, params))
```
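An added example, not part of the original comment or of lua-resty-openidc: a stand-alone Lua model of the branch quoted above that prints the redirect target for three constructed configurations, showing which endpoint is chosen and when `id_token_hint` is attached. `escape`, `combine_uri`, `logout_target`, the hosts and the token value are assumptions made for the illustration; `combine_uri` is a simplified stand-in for the library's `openidc_combine_uri`.

```lua
-- Simplified percent-encoding for query components (illustration only).
local function escape(s)
  return (tostring(s):gsub("[^%w%-%._~]", function(c)
    return string.format("%%%02X", string.byte(c))
  end))
end

-- Hypothetical stand-in for openidc_combine_uri: appends params as a query string.
local function combine_uri(uri, params)
  local keys = {}
  for k in pairs(params) do keys[#keys + 1] = k end
  table.sort(keys) -- deterministic order so the output is easy to compare
  local parts = {}
  for _, k in ipairs(keys) do
    parts[#parts + 1] = escape(k) .. "=" .. escape(params[k])
  end
  if #parts == 0 then return uri end
  local sep = uri:find("?", 1, true) and "&" or "?"
  return uri .. sep .. table.concat(parts, "&")
end

-- Same decisions as the quoted branch, returning the URL instead of redirecting.
local function logout_target(opts, session_token)
  local uri = opts.redirect_after_logout_uri or opts.discovery.end_session_endpoint
  assert(uri, "neither redirect_after_logout_uri nor end_session_endpoint is set")
  local params = {}
  if (opts.redirect_after_logout_with_id_token_hint or not opts.redirect_after_logout_uri)
      and session_token then
    params["id_token_hint"] = session_token
  end
  if opts.post_logout_redirect_uri then
    params["post_logout_redirect_uri"] = opts.post_logout_redirect_uri
  end
  return combine_uri(uri, params)
end

-- Constructed sample values: hosts and token are placeholders.
local disc = { end_session_endpoint = "https://idp.example/logout" }
local back = "https://app.example/bye"
local cases = {
  { "discovery endpoint", { discovery = disc, post_logout_redirect_uri = back } },
  { "configured URI", { discovery = disc, post_logout_redirect_uri = back,
      redirect_after_logout_uri = "https://app.example/signed-out" } },
  { "configured URI + hint", { discovery = disc, post_logout_redirect_uri = back,
      redirect_after_logout_uri = "https://app.example/signed-out",
      redirect_after_logout_with_id_token_hint = true } },
}
for _, c in ipairs(cases) do
  print(c[1], logout_target(c[2], "SAMPLE.ID.TOKEN"))
end
```

Only the first case reaches the identity provider's `end_session_endpoint`; in the second, the browser goes to the configured URI without `id_token_hint`, so whatever sits at that URI decides whether the provider session is ended.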
