allow passing 'id_token_hint' to the IdP in logout uri or end_session_endpoint #522
Comments
@ShyLionTjmn welcome back! Which IdP is this? VP does not support passing the token to the IdP in a logout URL.
fwiw this is part of the OpenID Connect spec: https://openid.net/specs/openid-connect-rpinitiated-1_0.html#RPLogout
right now these URLs are configured in If #41 OIDC Discovery from I don't see that mentioned here... I'm thinking there may need to be a new configuration parameter... Microsoft Azure chooses not to include Seems like "Single Sign Out" is its own rabbit hole. :)
It absolutely is 😂
IdP is Blitz: https://identityblitz.com/ https://blitz.mydomain.com/blitz/oauth/.well-known/openid-configuration has:
that would be nice
I'd be really glad if this extra parameter could be implemented. Keycloak also requires the Update: I just found #258 that is supposed to do exactly that. Any ideas why this isn't working? Update 2: I just found #298 (also see #328) that mandates the explicit inclusion of the id/access token as headers to make them available. You need to add this to your vouch configuration to make it work:
@ShyLionTjmn is this fixing your issue?
didn't try it |
My IdP requires id_token as one of the parameters to be able to redirect to the specified URL, like this:
end_session_endpoint: https://idp.domain.com/oauth/logout?id_token_hint={ID_TOKEN}&post_logout_redirect_uri=https%3A%2F%2Fmyapp.domain.com%2F
Is there a way to include it in the URI?
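An added example, not Vouch Proxy's code and not written by anyone in this thread: one way a relying party can build the RP-Initiated Logout URL requested above, with `id_token_hint` and an allowlisted `post_logout_redirect_uri` appended to the `end_session_endpoint`. The function name `BuildLogoutURL`, the allowlist parameter and the token value are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
)

// BuildLogoutURL adds the RP-Initiated Logout parameters id_token_hint and
// post_logout_redirect_uri to an IdP end_session_endpoint.
// Hypothetical helper for illustration; not a Vouch Proxy function.
func BuildLogoutURL(endSession, idToken, postLogout string, allowed []string) (string, error) {
	u, err := url.Parse(endSession)
	if err != nil {
		return "", err
	}
	if u.Scheme != "https" || u.Host == "" {
		return "", errors.New("end_session_endpoint must be an absolute https URL")
	}
	q := u.Query() // keep any parameters already present on the endpoint
	if idToken != "" {
		q.Set("id_token_hint", idToken)
	}
	if postLogout != "" {
		// Exact-match allowlist: the relying party should not forward
		// arbitrary redirect targets to the IdP.
		ok := false
		for _, a := range allowed {
			if a == postLogout {
				ok = true
				break
			}
		}
		if !ok {
			return "", fmt.Errorf("post_logout_redirect_uri %q is not allowlisted", postLogout)
		}
		q.Set("post_logout_redirect_uri", postLogout)
	}
	u.RawQuery = q.Encode() // percent-encodes values, sorts keys
	return u.String(), nil
}

func main() {
	// Constructed sample values; the token is a placeholder, not a real JWT.
	allowed := []string{"https://myapp.domain.com/"}
	out, err := BuildLogoutURL("https://idp.domain.com/oauth/logout",
		"constructed.id.token", "https://myapp.domain.com/", allowed)
	fmt.Println(out, err)
}
```

Because the ID token travels in the query string, it will appear in browser history and in access logs along the redirect path, so those logs should be treated as containing user identity claims.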