fix: add "exp" to Logout Tokens

closes #1295

Author: panva

lib/models/id_token.js

@@ -91,6 +91,7 @@ export default function getIdToken(provider) {
             issuer: provider.issuer,
             subject: payload.sub,
             typ: 'logout+jwt',
+            expiresIn: 120,
           };
           encryption = {
             alg: client.idTokenEncryptedResponseAlg,

test/backchannel_logout/backchannel_logout.test.js

@@ -26,7 +26,7 @@ describe('Back-Channel Logout 1.0', () => {
           const header = JSON.parse(base64url.decode(RegExp.$1.split('.')[0]));
           expect(header).to.have.property('typ', 'logout+jwt');
           const decoded = JSON.parse(base64url.decode(RegExp.$1.split('.')[1]));
-          expect(decoded).to.have.all.keys('sub', 'events', 'iat', 'aud', 'iss', 'jti', 'sid');
+          expect(decoded).to.have.all.keys('sub', 'events', 'iat', 'exp', 'aud', 'iss', 'jti', 'sid');
           expect(decoded).to.have.property('events').and.eql({ 'http://schemas.openid.net/event/backchannel-logout': {} });
           expect(decoded).to.have.property('aud', 'client');
           expect(decoded).to.have.property('sub', 'subject');
@@ -45,7 +45,7 @@ describe('Back-Channel Logout 1.0', () => {
         .filteringRequestBody((body) => {
           expect(body).to.match(/^logout_token=(([\w-]+\.?){3})$/);
           const decoded = JSON.parse(base64url.decode(RegExp.$1.split('.')[1]));
-          expect(decoded).to.have.all.keys('sub', 'events', 'iat', 'aud', 'iss', 'jti');
+          expect(decoded).to.have.all.keys('sub', 'events', 'iat', 'exp', 'aud', 'iss', 'jti');
           expect(decoded).to.have.property('events').and.eql({ 'http://schemas.openid.net/event/backchannel-logout': {} });
           expect(decoded).to.have.property('aud', 'no-sid');
           expect(decoded).to.have.property('sub', 'subject');