
[Bug]: Potential oversight when signing out with endSessionEndpoint #2147

@origooo

Description


Version

20.0.3

Please provide a link to a minimal reproduction of the bug

No response

Please provide the exception or error you saw

No exception or error. Simply left out behaviour.

Steps to reproduce the behavior

Sign in with any config that returns an `endSessionEndpoint` from their /.well-known/openid-configuration endpoint, and then trigger a logoff. `LogoffRevocationService` at line 5055 returns `null`.

A clear and concise description of what you expected to happen.

The fetched endSessionEndpoint shall be available during logoff().

Additional context

Prior to calling `this.oidcSecurityService.logoff(configId)`, my fetched config has the `authWellknownEndpoints` set. But when calling the `logoff()` method, it gets the config internally through `ConfigurationService.configsInternal`.

The internal configs do not contain the `authWellknownEndpoints` unless specifically set in the config, whereas the property is available when fetching the config through `this.oidcSecurityService.getConfiguration(configId)`.

The result of this is that the library doesn't detect any endSessionEndpoint, hence in this case, doesn't redirect to the Microsoft signout page.

After fetching wellknown endpoints, they should be used while signing out. Either the ConfigurationService.configsInternal shall be modified, or OidcSecurityService.logoff() should fetch the configs with config.authWellknownEndpoints populated during logoff.
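
A simplified TypeScript model of the lookup mismatch described in this report, added here as an illustration and not the library's own code; `ConfigStore`, `buildEndSessionUrl` and the `idp.example` URLs are hypothetical. It shows the logoff path getting `null` for the end-session URL when it reads the config without the discovered endpoints, so the identity provider is never asked to end its session.

```typescript
// Simplified model of the reported behaviour (added illustration, not library source).
interface WellKnownEndpoints {
  endSessionEndpoint?: string;
}
interface OidcConfig {
  configId: string;
  authority: string;
  authWellknownEndpoints?: WellKnownEndpoints;
}
// Hypothetical stand-in for the two lookup paths the report distinguishes.
class ConfigStore {
  private configsInternal: Record<string, OidcConfig> = {}; // as supplied by the app
  private discovered: Record<string, WellKnownEndpoints> = {}; // from /.well-known/openid-configuration

  register(config: OidcConfig): void {
    this.configsInternal[config.configId] = config;
  }
  storeDiscovered(configId: string, endpoints: WellKnownEndpoints): void {
    this.discovered[configId] = endpoints;
  }
  // Path the report attributes to logoff(): discovered endpoints are not attached.
  getInternal(configId: string): OidcConfig | undefined {
    return this.configsInternal[configId];
  }
  // Path the report attributes to getConfiguration(): discovered endpoints merged in.
  getConfiguration(configId: string): OidcConfig | undefined {
    const base = this.configsInternal[configId];
    if (!base) return undefined;
    const endpoints = base.authWellknownEndpoints ?? this.discovered[configId];
    return { ...base, authWellknownEndpoints: endpoints };
  }
}

// Returns null when no end-session endpoint is known, i.e. no redirect to the IdP.
function buildEndSessionUrl(config: OidcConfig | undefined, idTokenHint: string): string | null {
  const endpoint = config?.authWellknownEndpoints?.endSessionEndpoint;
  if (!endpoint) return null;
  const sep = endpoint.indexOf("?") >= 0 ? "&" : "?";
  return `${endpoint}${sep}id_token_hint=${encodeURIComponent(idTokenHint)}`;
}

// Constructed sample values.
const store = new ConfigStore();
store.register({ configId: "aad", authority: "https://idp.example/tenant" });
store.storeDiscovered("aad", { endSessionEndpoint: "https://idp.example/tenant/logout" });
const urlViaInternal = buildEndSessionUrl(store.getInternal("aad"), "sample.id.token");
const urlViaMerged = buildEndSessionUrl(store.getConfiguration("aad"), "sample.id.token");
```

A regression test for a fix can assert that the logoff path yields a non-null end-session URL whenever discovery returned one.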
