fix: logout in case no logout url in identity provider

JeromeBu · JeromeBu · commit bf7637834464 · 2025-07-18T16:35:27.000+02:00
diff --git a/api/src/core/usecases/auth/logout.ts b/api/src/core/usecases/auth/logout.ts
@@ -24,7 +24,6 @@ export const makeInitiateLogout =
             throw new Error(`Session not found: ${sessionId}`);
         }
 
-        // Mark session as logged out immediately
         await sessionRepository.update({ ...session, loggedOutAt: new Date() });
 
         // Get logout URL from OIDC client
diff --git a/api/src/core/usecases/auth/oidcClient.ts b/api/src/core/usecases/auth/oidcClient.ts
@@ -123,12 +123,14 @@ export class HttpOidcClient implements OidcClient {
 
         const userInfoAsString = responseBody.startsWith("ey") ? atob(responseBody.split(".")[1]) : responseBody;
 
+        console.log("\n \n userInfoAsString : ", userInfoAsString);
+
         return JSON.parse(userInfoAsString);
     }
 
     async logout(idToken: string | null): Promise<string> {
         if (!this.#config.end_session_endpoint) {
-            throw new Error("OIDC provider does not support logout");
+            return this.logoutRedirectUri; // in that case we skip the logout and redirect to the identity provider logout page
         }
 
         const logoutUrl = new URL(this.#config.end_session_endpoint);

Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,6 @@ export const makeInitiateLogout =`
`24`	`24`	throw new Error(`Session not found: ${sessionId}`);
`25`	`25`	`}`
`26`	`26`
`27`		`- // Mark session as logged out immediately`
`28`	`27`	`await sessionRepository.update({ ...session, loggedOutAt: new Date() });`
`29`	`28`
`30`	`29`	`// Get logout URL from OIDC client`
Original file line number	Diff line number	Diff line change
`@@ -123,12 +123,14 @@ export class HttpOidcClient implements OidcClient {`
`123`	`123`
`124`	`124`	`const userInfoAsString = responseBody.startsWith("ey") ? atob(responseBody.split(".")[1]) : responseBody;`
`125`	`125`
	`126`	`+ console.log("\n \n userInfoAsString : ", userInfoAsString);`
	`127`	`+`
`126`	`128`	`return JSON.parse(userInfoAsString);`
`127`	`129`	`}`
`128`	`130`
`129`	`131`	`async logout(idToken: string \| null): Promise<string> {`
`130`	`132`	`if (!this.#config.end_session_endpoint) {`
`131`		`- throw new Error("OIDC provider does not support logout");`
	`133`	`+ return this.logoutRedirectUri; // in that case we skip the logout and redirect to the identity provider logout page`
`132`	`134`	`}`
`133`	`135`
`134`	`136`	`const logoutUrl = new URL(this.#config.end_session_endpoint);`