add endSessionEndpoint to configuration to support ending the session

maarten-v · maarten-v · commit f7f051bee645 · 2025-07-19T15:51:11.000+02:00
diff --git a/src/OpenIDConfiguration/OpenIDConfiguration.php b/src/OpenIDConfiguration/OpenIDConfiguration.php
@@ -58,6 +58,7 @@ public function __construct(
         public array $idTokenSigningAlgValuesSupported = [],
         public string $userinfoEndpoint = '',
         public array $codeChallengeMethodsSupported = [],
+        public string $endSessionEndpoint = '',
     ) {
     }
 }
diff --git a/src/OpenIDConfiguration/OpenIDConfigurationLoader.php b/src/OpenIDConfiguration/OpenIDConfigurationLoader.php
@@ -91,7 +91,8 @@ protected function getConfigurationFromIssuer(): OpenIDConfiguration
             subjectTypesSupported: $response->json('subject_types_supported', []),
             idTokenSigningAlgValuesSupported: $response->json('id_token_signing_alg_values_supported', []),
             userinfoEndpoint: $response->json('userinfo_endpoint', ''),
-            codeChallengeMethodsSupported: $response->json('code_challenge_methods_supported', [])
+            codeChallengeMethodsSupported: $response->json('code_challenge_methods_supported', []),
+            endSessionEndpoint: $response->json('end_session_endpoint', ''),
         );
     }
 
diff --git a/tests/Feature/Http/Controllers/LoginControllerResponseTest.php b/tests/Feature/Http/Controllers/LoginControllerResponseTest.php
@@ -620,6 +620,7 @@ protected function exampleOpenIDConfiguration(
             idTokenSigningAlgValuesSupported: ["RS256"],
             userinfoEndpoint: "https://provider.example.com/userinfo",
             codeChallengeMethodsSupported: $codeChallengeMethodsSupported,
+            endSessionEndpoint: "https://provider.example.com/endSession",
         );
     }
 
diff --git a/tests/Feature/Http/Controllers/LoginControllerTest.php b/tests/Feature/Http/Controllers/LoginControllerTest.php
@@ -149,6 +149,7 @@ protected function exampleOpenIDConfiguration(): OpenIDConfiguration
             idTokenSigningAlgValuesSupported: ["RS256"],
             userinfoEndpoint: "https://provider.example.com/userinfo",
             codeChallengeMethodsSupported: ["S256"],
+            endSessionEndpoint: "https://provider.example.com/endSession",
         );
     }
 }
diff --git a/tests/Feature/OpenIDConfiguration/OpenIDConfigurationLoaderTest.php b/tests/Feature/OpenIDConfiguration/OpenIDConfigurationLoaderTest.php
@@ -38,6 +38,7 @@ public function testConfigurationIsLoaded(): void
         $this->assertSame("https://provider.example.com/jwks", $configuration->jwksUri);
         $this->assertSame("https://provider.example.com/token", $configuration->tokenEndpoint);
         $this->assertSame("https://provider.example.com/userinfo", $configuration->userinfoEndpoint);
+        $this->assertSame("https://provider.example.com/logout", $configuration->endSessionEndpoint);
     }
 
     public function testConfigurationIsLoadedMultipleTimesWhenNotCached(): void
@@ -60,6 +61,7 @@ public function testConfigurationIsLoadedMultipleTimesWhenNotCached(): void
         $this->assertSame("https://provider.example.com/jwks", $configuration->jwksUri);
         $this->assertSame("https://provider.example.com/token", $configuration->tokenEndpoint);
         $this->assertSame("https://provider.example.com/userinfo", $configuration->userinfoEndpoint);
+        $this->assertSame("https://provider.example.com/logout", $configuration->endSessionEndpoint);
     }
 
     public function testConfigurationIsCached(): void
@@ -87,6 +89,7 @@ public function testConfigurationIsCached(): void
         $this->assertSame("https://provider.example.com/jwks", $configuration->jwksUri);
         $this->assertSame("https://provider.example.com/token", $configuration->tokenEndpoint);
         $this->assertSame("https://provider.example.com/userinfo", $configuration->userinfoEndpoint);
+        $this->assertSame("https://provider.example.com/logout", $configuration->endSessionEndpoint);
     }
 
     public function testLoaderThrowsExceptionWhenProviderReturns400ResponseCode(): void
@@ -198,6 +201,7 @@ public function testLoaderReturnsEmptyConfigurationOnEmptyJsonResponse(): void
         $this->assertEmpty($configuration->authorizationEndpoint);
         $this->assertEmpty($configuration->jwksUri);
         $this->assertEmpty($configuration->tokenEndpoint);
+        $this->assertEmpty($configuration->userinfoEndpoint);
     }
 
     public function testConfigurationIsLoadedMultipleTimesWhenCacheStoreIsNull(): void
@@ -221,6 +225,7 @@ public function testConfigurationIsLoadedMultipleTimesWhenCacheStoreIsNull(): vo
         $this->assertSame("https://provider.example.com/jwks", $configuration->jwksUri);
         $this->assertSame("https://provider.example.com/token", $configuration->tokenEndpoint);
         $this->assertSame("https://provider.example.com/userinfo", $configuration->userinfoEndpoint);
+        $this->assertSame("https://provider.example.com/logout", $configuration->endSessionEndpoint);
     }
 
     protected function fakeSuccessfulResponse(): void
@@ -264,7 +269,8 @@ protected function fakeSuccessfulResponse(): void
                 ],
                 "code_challenge_methods_supported" => [
                     "S256"
-                ]
+                ],
+                "end_session_endpoint" => "https://provider.example.com/logout"
             ])
         ]);
     }
diff --git a/tests/Feature/OpenIDConnectClientTest.php b/tests/Feature/OpenIDConnectClientTest.php
@@ -0,0 +1,40 @@
+<?php
+
+declare(strict_types=1);
+
+namespace MinVWS\OpenIDConnectLaravel\Tests\Feature;
+
+use Illuminate\Http\Exceptions\HttpResponseException;
+use Illuminate\Support\Facades\Config;
+use Illuminate\Support\Facades\Http;
+use MinVWS\OpenIDConnectLaravel\OpenIDConnectClient;
+use MinVWS\OpenIDConnectLaravel\Tests\TestCase;
+use Symfony\Component\HttpFoundation\Response;
+
+class OpenIDConnectClientTest extends TestCase
+{
+    public function testSignOut(): void
+    {
+        Http::fake([
+            'https://provider.example.com/.well-known/openid-configuration' => Http::response([
+                "end_session_endpoint" => "https://provider.example.com/logout",
+            ])
+        ]);
+        Config::set('oidc.issuer', 'https://provider.example.com');
+        Config::set('oidc.configuration_cache.store', null);
+
+        $client = app(OpenIDConnectClient::class);
+
+        try {
+            $client->signOut('idToken', 'redirect');
+        } catch (HttpResponseException $e) {
+            $this->assertEquals(Response::HTTP_FOUND, $e->getResponse()->getStatusCode());
+            $this->assertEquals(
+                'https://provider.example.com/logout?id_token_hint=idToken&post_logout_redirect_uri=redirect',
+                $e->getResponse()->getTargetUrl()
+            );
+
+            return;
+        }
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -58,6 +58,7 @@ public function __construct(`
`58`	`58`	`public array $idTokenSigningAlgValuesSupported = [],`
`59`	`59`	`public string $userinfoEndpoint = '',`
`60`	`60`	`public array $codeChallengeMethodsSupported = [],`
	`61`	`+ public string $endSessionEndpoint = '',`
`61`	`62`	`) {`
`62`	`63`	`}`
`63`	`64`	`}`
Original file line number	Diff line number	Diff line change
`@@ -91,7 +91,8 @@ protected function getConfigurationFromIssuer(): OpenIDConfiguration`
`91`	`91`	`subjectTypesSupported: $response->json('subject_types_supported', []),`
`92`	`92`	`idTokenSigningAlgValuesSupported: $response->json('id_token_signing_alg_values_supported', []),`
`93`	`93`	`userinfoEndpoint: $response->json('userinfo_endpoint', ''),`
`94`		`- codeChallengeMethodsSupported: $response->json('code_challenge_methods_supported', [])`
	`94`	`+ codeChallengeMethodsSupported: $response->json('code_challenge_methods_supported', []),`
	`95`	`+ endSessionEndpoint: $response->json('end_session_endpoint', ''),`
`95`	`96`	`);`
`96`	`97`	`}`
`97`	`98`
Original file line number	Diff line number	Diff line change
`@@ -620,6 +620,7 @@ protected function exampleOpenIDConfiguration(`
`620`	`620`	`idTokenSigningAlgValuesSupported: ["RS256"],`
`621`	`621`	`userinfoEndpoint: "https://provider.example.com/userinfo",`
`622`	`622`	`codeChallengeMethodsSupported: $codeChallengeMethodsSupported,`
	`623`	`+ endSessionEndpoint: "https://provider.example.com/endSession",`
`623`	`624`	`);`
`624`	`625`	`}`
`625`	`626`
Original file line number	Diff line number	Diff line change
`@@ -149,6 +149,7 @@ protected function exampleOpenIDConfiguration(): OpenIDConfiguration`
`149`	`149`	`idTokenSigningAlgValuesSupported: ["RS256"],`
`150`	`150`	`userinfoEndpoint: "https://provider.example.com/userinfo",`
`151`	`151`	`codeChallengeMethodsSupported: ["S256"],`
	`152`	`+ endSessionEndpoint: "https://provider.example.com/endSession",`
`152`	`153`	`);`
`153`	`154`	`}`
`154`	`155`	`}`