From d3adf872363cab2205a3aecb91fe8260c73850f6 Mon Sep 17 00:00:00 2001
From: Binon <binon>
Date: Thu, 3 Jul 2025 15:46:22 +0100
Subject: [PATCH] refactored the postlog out code and fixed the logout

---
 auth/oidc/auth.php                   |  7 -------
 local/telconfig/classes/observer.php | 29 ++++++++++++++++++++++++++++
 local/telconfig/db/events.php        |  6 ++++++
 3 files changed, 35 insertions(+), 7 deletions(-)

diff --git a/auth/oidc/auth.php b/auth/oidc/auth.php
index eb991a9803a..cd65c379a14 100644
--- a/auth/oidc/auth.php
+++ b/auth/oidc/auth.php
@@ -327,13 +327,6 @@ public function postlogout_hook($user) {
                         preg_match("/\/oauth2\/logout$/", $logouturl)) {
                         $logouturl .= '?post_logout_redirect_uri=' . urlencode($CFG->wwwroot);
                     }
-                    else{
-                        $tokenrec = $DB->get_record('auth_oidc_token', ['userid' => $user->id]);
-                        $idToken = $tokenrec->idtoken;
-
-                        $logouturl .= '?post_logout_redirect_uri=' . urlencode($CFG->wwwroot);
-                        $logouturl .= '&id_token_hint=' . $idToken;
-                    }  
                 }
 
                 redirect($logouturl);
diff --git a/local/telconfig/classes/observer.php b/local/telconfig/classes/observer.php
index 98f13d006ba..0fa32ad30dc 100644
--- a/local/telconfig/classes/observer.php
+++ b/local/telconfig/classes/observer.php
@@ -134,4 +134,33 @@ private static function is_course_self_enrollable(int $courseid): bool {
             'status' => ENROL_INSTANCE_ENABLED,
         ]);
     }
+
+    public static function on_user_loggedout(\core\event\user_loggedout $event) {
+        global $DB, $CFG, $USER;
+
+        $user = $event->get_record_snapshot('user', $event->objectid);
+
+        if ($user->auth !== 'oidc') {
+            return true; // Ignore non-OIDC users
+        }
+
+        // Load token
+        $tokenrec = $DB->get_record('auth_oidc_token', ['userid' => $user->id]);
+        if ($tokenrec && isset($tokenrec->idtoken)) {
+            $idtoken = $tokenrec->idtoken;
+            
+            $logouturl = get_config('auth_oidc', 'logouturi');
+            if (!$logouturl) {
+                $logouturl = 'https://login.microsoftonline.com/organizations/oauth2/logout?post_logout_redirect_uri=' .
+                    urlencode($CFG->wwwroot);
+            }
+            // Append id_token_hint
+            $logouturl .= '&id_token_hint=' . $idtoken;
+
+            // Use redirect now (Moodle already logged out the session)
+            redirect($logouturl);            
+        }
+
+        return true;
+    }
 }
diff --git a/local/telconfig/db/events.php b/local/telconfig/db/events.php
index 29da2fc800d..f7222483f2e 100644
--- a/local/telconfig/db/events.php
+++ b/local/telconfig/db/events.php
@@ -49,4 +49,10 @@
         'priority'    => 9999,
         'internal'    => false,
     ],
+    [
+        'eventname'   => '\core\event\user_loggedout',
+        'callback'    => 'local_telconfig\observer::on_user_loggedout',        
+        'priority'    => 9999,
+        'internal'    => false,
+    ],
 ];