minvws · ricklambrechts · Aug 14, 2025 · Jul 16, 2025
@@ -58,6 +58,7 @@ public function __construct(
         public array $idTokenSigningAlgValuesSupported = [],
         public string $userinfoEndpoint = '',
         public array $codeChallengeMethodsSupported = [],
+        public string $endSessionEndpoint = '',
     ) {
     }
 }
@@ -91,7 +91,8 @@ protected function getConfigurationFromIssuer(): OpenIDConfiguration
             subjectTypesSupported: $response->json('subject_types_supported', []),
             idTokenSigningAlgValuesSupported: $response->json('id_token_signing_alg_values_supported', []),
             userinfoEndpoint: $response->json('userinfo_endpoint', ''),
-            codeChallengeMethodsSupported: $response->json('code_challenge_methods_supported', [])
+            codeChallengeMethodsSupported: $response->json('code_challenge_methods_supported', []),
+            endSessionEndpoint: $response->json('end_session_endpoint', ''),
         );
     }
 

@@ -620,6 +620,7 @@ protected function exampleOpenIDConfiguration(
             idTokenSigningAlgValuesSupported: ["RS256"],
             userinfoEndpoint: "https://provider.example.com/userinfo",
             codeChallengeMethodsSupported: $codeChallengeMethodsSupported,
+            endSessionEndpoint: "https://provider.example.com/endSession",
         );
     }
 

@@ -149,6 +149,7 @@ protected function exampleOpenIDConfiguration(): OpenIDConfiguration
             idTokenSigningAlgValuesSupported: ["RS256"],
             userinfoEndpoint: "https://provider.example.com/userinfo",
             codeChallengeMethodsSupported: ["S256"],
+            endSessionEndpoint: "https://provider.example.com/endSession",
         );
     }
 }
@@ -38,6 +38,7 @@ public function testConfigurationIsLoaded(): void
         $this->assertSame("https://provider.example.com/jwks", $configuration->jwksUri);
         $this->assertSame("https://provider.example.com/token", $configuration->tokenEndpoint);
         $this->assertSame("https://provider.example.com/userinfo", $configuration->userinfoEndpoint);
+        $this->assertSame("https://provider.example.com/logout", $configuration->endSessionEndpoint);
     }
 
     public function testConfigurationIsLoadedMultipleTimesWhenNotCached(): void
@@ -60,6 +61,7 @@ public function testConfigurationIsLoadedMultipleTimesWhenNotCached(): void
         $this->assertSame("https://provider.example.com/jwks", $configuration->jwksUri);
         $this->assertSame("https://provider.example.com/token", $configuration->tokenEndpoint);
         $this->assertSame("https://provider.example.com/userinfo", $configuration->userinfoEndpoint);
+        $this->assertSame("https://provider.example.com/logout", $configuration->endSessionEndpoint);
     }
 
     public function testConfigurationIsCached(): void
@@ -87,6 +89,7 @@ public function testConfigurationIsCached(): void
         $this->assertSame("https://provider.example.com/jwks", $configuration->jwksUri);
         $this->assertSame("https://provider.example.com/token", $configuration->tokenEndpoint);
         $this->assertSame("https://provider.example.com/userinfo", $configuration->userinfoEndpoint);
+        $this->assertSame("https://provider.example.com/logout", $configuration->endSessionEndpoint);
     }
 
     public function testLoaderThrowsExceptionWhenProviderReturns400ResponseCode(): void
@@ -198,6 +201,7 @@ public function testLoaderReturnsEmptyConfigurationOnEmptyJsonResponse(): void
         $this->assertEmpty($configuration->authorizationEndpoint);
         $this->assertEmpty($configuration->jwksUri);
         $this->assertEmpty($configuration->tokenEndpoint);
+        $this->assertEmpty($configuration->userinfoEndpoint);
     }
 
     public function testConfigurationIsLoadedMultipleTimesWhenCacheStoreIsNull(): void
@@ -221,6 +225,7 @@ public function testConfigurationIsLoadedMultipleTimesWhenCacheStoreIsNull(): vo
         $this->assertSame("https://provider.example.com/jwks", $configuration->jwksUri);
         $this->assertSame("https://provider.example.com/token", $configuration->tokenEndpoint);
         $this->assertSame("https://provider.example.com/userinfo", $configuration->userinfoEndpoint);
+        $this->assertSame("https://provider.example.com/logout", $configuration->endSessionEndpoint);
     }
 
     protected function fakeSuccessfulResponse(): void
@@ -264,7 +269,8 @@ protected function fakeSuccessfulResponse(): void
                 ],
                 "code_challenge_methods_supported" => [
                     "S256"
-                ]
+                ],
+                "end_session_endpoint" => "https://provider.example.com/logout"
             ])
         ]);
     }

@@ -0,0 +1,40 @@
+<?php
+
+declare(strict_types=1);
+
+namespace MinVWS\OpenIDConnectLaravel\Tests\Feature;
+
+use Illuminate\Http\Exceptions\HttpResponseException;
+use Illuminate\Support\Facades\Config;
+use Illuminate\Support\Facades\Http;
+use MinVWS\OpenIDConnectLaravel\OpenIDConnectClient;
+use MinVWS\OpenIDConnectLaravel\Tests\TestCase;
+use Symfony\Component\HttpFoundation\Response;
+
+class OpenIDConnectClientTest extends TestCase
+{
+    public function testSignOut(): void
+    {
+        Http::fake([
+            'https://provider.example.com/.well-known/openid-configuration' => Http::response([
+                "end_session_endpoint" => "https://provider.example.com/logout",
+            ])
+        ]);
+        Config::set('oidc.issuer', 'https://provider.example.com');
+        Config::set('oidc.configuration_cache.store', null);
+
+        $client = app(OpenIDConnectClient::class);
+
+        try {
+            $client->signOut('idToken', 'redirect');
+        } catch (HttpResponseException $e) {
+            $this->assertEquals(Response::HTTP_FOUND, $e->getResponse()->getStatusCode());
+            $this->assertEquals(
+                'https://provider.example.com/logout?id_token_hint=idToken&post_logout_redirect_uri=redirect',
+                $e->getResponse()->getTargetUrl()
+            );
+
+            return;
+        }
+    }
+}