feat(oidc): ✨ Added additionalLogoutParameters property to customize the logout redirect

Author: itpropro

package.json

@@ -28,7 +28,7 @@
     "dev": "nuxi dev playground",
     "dev:prepare": "nuxt-module-build build --stub && nuxt-module-build prepare && nuxi prepare playground && nuxi prepare client",
     "release": "pnpm lint && pnpm prepack && changelogen --release && git push --follow-tags && pnpm publish --access=public",
-    "lint": "eslint .",
+    "lint": "eslint . && tsc --noemit",
     "test": "vitest run",
     "test:watch": "vitest watch"
   },

playground/nuxt.config.ts

@@ -96,6 +96,7 @@ export default defineNuxtConfig({
 
   unocss: {
     preflight: true,
+    configFile: 'uno.config.ts'
   },
 
   devtools: { enabled: true },

src/runtime/server/lib/oidc.ts

@@ -282,10 +282,14 @@ export function logoutEventHandler({ onSuccess }: OAuthConfig<UserSession>) {
 
     if (config.logoutUrl) {
       const logoutParams = getQuery(event)
-      const logoutRedirectUri = logoutParams.logoutRedirectUri ?? `${getRequestURL(event).protocol}//${getRequestURL(event).host}`
+      const logoutRedirectUri = logoutParams.logoutRedirectUri || config.logoutRedirectUri || `${getRequestURL(event).protocol}//${getRequestURL(event).host}`
+      const location = withQuery(config.logoutUrl, {
+        ...config.logoutRedirectParameterName && { [config.logoutRedirectParameterName]: logoutRedirectUri },
+        ...config.additionalLogoutParameters && convertObjectToSnakeCase(config.additionalLogoutParameters),
+      })
       return sendRedirect(
         event,
-        withQuery(config.logoutUrl, { ...config.logoutRedirectParameterName && { [config.logoutRedirectParameterName]: logoutRedirectUri } }),
+        location,
         200,
       )
     }

src/runtime/server/utils/oidc.ts

@@ -62,7 +62,7 @@ export async function refreshAccessToken(refreshToken: string, config: OidcProvi
   }
 
   // Construct user object
-  const user: UserSession = {
+  const user: Omit<UserSession, 'provider'> = {
     canRefresh: !!tokens.refreshToken,
     updatedAt: Math.trunc(Date.now() / 1000), // Use seconds instead of milliseconds to align wih JWT
     expireAt: parseJwtToken(tokenResponse.access_token).exp || Math.trunc(Date.now() / 1000) + 3600, // Fallback 60 min

src/runtime/server/utils/provider.ts

@@ -114,17 +114,28 @@ export interface OidcProviderConfig {
    */
   skipAccessTokenParsing?: boolean
   /**
-   * Query parameter name for logout redirect. Will be appended to the logoutUrl as a query parameter.
+   * Query parameter name for logout redirect. Will be appended to the logoutUrl as a query parameter with this value and the name of logoutRedirectParameterName.
+   */
+  logoutRedirectUri?: string
+  /**
+   * Query parameter name for logout redirect. Will be appended to the logoutUrl as a query parameter with this name and a value of logoutRedirectUri. The logoutRedirectUri can also be provided as a parameter with the `logout` composable function.
    */
   logoutRedirectParameterName?: string
   /**
    * Additional parameters to be added to the authorization request
+   * @default undefined
    */
   additionalAuthParameters?: Record<string, string>
   /**
    * Additional parameters to be added to the token request
+   * @default undefined
    */
   additionalTokenParameters?: Record<string, string>
+  /**
+   * Additional parameters to be added to the logout request
+   * @default undefined
+   */
+  additionalLogoutParameters?: Record<string, string>
   /**
    * OpenID Configuration object or function promise that resolves to an OpenID Configuration object
    */
@@ -174,9 +185,9 @@ export interface OidcProviderConfig {
   allowedClientAuthParameters?: string[]
   /**
    * Session configuration overrides
-   * @default {}
+   * @default undefined
    */
-  sessionConfiguration: ProviderSessionConfig
+  sessionConfiguration?: ProviderSessionConfig
 }
 
 // Cannot import from utils here, otherwise Nuxt will throw '[worker reload] [worker init] Cannot access 'configMerger' before initialization'
@@ -187,7 +198,7 @@ const configMerger = createDefu((obj, key, value) => {
   }
 })
 
-export function defineOidcProvider<TConfig, TRequired extends keyof OidcProviderConfig>(config: Partial<OidcProviderConfig> & { additionalAuthParameters?: TConfig; additionalTokenParameters?: TConfig } = {} as any) {
+export function defineOidcProvider<TConfig, TRequired extends keyof OidcProviderConfig>(config: Partial<OidcProviderConfig> & { additionalAuthParameters?: TConfig; additionalTokenParameters?: TConfig; additionalLogoutParameters?: TConfig } = {} as any) {
   const defaults: Partial<OidcProviderConfig> = {
     clientId: '',
     redirectUri: '',
@@ -215,9 +226,12 @@ export function defineOidcProvider<TConfig, TRequired extends keyof OidcProvider
     exposeAccessToken: false,
     exposeIdToken: false,
     callbackRedirectUrl: '/',
-    allowedClientAuthParameters: [],
+    allowedClientAuthParameters: undefined,
     logoutUrl: '',
-    sessionConfiguration: {},
+    sessionConfiguration: undefined,
+    additionalAuthParameters: undefined,
+    additionalTokenParameters: undefined,
+    additionalLogoutParameters: undefined,
   }
   const mergedConfig = configMerger(config, defaults)
   return mergedConfig as MakePropertiesRequired<Partial<typeof mergedConfig>, TRequired>

src/runtime/server/utils/session.ts

@@ -95,7 +95,7 @@ export async function refreshUserSession(event: H3Event) {
   }
 
   await useStorage('oidc').setItem<PersistentSession>(session.id as string, updatedPersistentSession)
-  await session.update(defu(user, session.data))
+  await session.update(defu(user as UserSession, session.data))
 
   return session.data
 }

tsconfig.json

@@ -1,6 +1,7 @@
 {
   "extends": "./.nuxt/tsconfig.json",
   "exclude": [
+    "client",
     "playground",
     "dist"
   ]