supertokens
diff --git a/‎lib/build/index2.js‎
Lines changed: 2 additions & 1 deletion b/‎lib/build/index2.js‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎lib/build/oauth2providerprebuiltui.js‎
Lines changed: 15 additions & 4 deletions b/‎lib/build/oauth2providerprebuiltui.js‎
Lines changed: 15 additions & 4 deletions
diff --git a/‎lib/ts/recipe/authRecipe/components/feature/authPage/authPage.tsx‎
Lines changed: 2 additions & 1 deletion b/‎lib/ts/recipe/authRecipe/components/feature/authPage/authPage.tsx‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎lib/ts/recipe/oauth2provider/components/features/oauth2LogoutScreen/index.tsx‎
Lines changed: 11 additions & 2 deletions b/‎lib/ts/recipe/oauth2provider/components/features/oauth2LogoutScreen/index.tsx‎
Lines changed: 11 additions & 2 deletions
diff --git a/‎test/end-to-end/oauth2provider.test.js‎
Lines changed: 93 additions & 0 deletions b/‎test/end-to-end/oauth2provider.test.js‎
Lines changed: 93 additions & 0 deletions
@@ -197,7 +197,8 @@ const AuthPageInner: React.FC<AuthPageProps> = (props) => {
             }
         },
         () => {
-            return clearQueryParams(["loginChallenge"]);
+            clearQueryParams(["loginChallenge"]);
+            setError("SOMETHING_WENT_WRONG_ERROR");
         }
     );
 
 
@@ -25,7 +25,7 @@ import SuperTokens from "../../../../../superTokens";
 import UI from "../../../../../ui";
 import { useUserContext } from "../../../../../usercontext";
 import { getQueryParams, getTenantIdFromQueryParams, useRethrowInRender } from "../../../../../utils";
-import { SessionContext } from "../../../../session";
+import { doesSessionExist, SessionContext } from "../../../../session";
 import OAuth2Provider from "../../../recipe";
 import { OAuth2LogoutScreenTheme } from "../../themes/oauth2LogoutScreen";
 import { defaultTranslationsOAuth2Provider } from "../../themes/translations";
@@ -75,7 +75,16 @@ export const OAuth2LogoutScreen: React.FC<Prop> = (props) => {
                 userContext
             );
         } catch (err: any) {
-            rethrowInRender(err);
+            if (!(await doesSessionExist(userContext))) {
+                void SuperTokens.getInstanceOrThrow()
+                    .redirectToAuth({
+                        userContext,
+                        redirectBack: false,
+                    })
+                    .catch(rethrowInRender);
+            } else {
+                rethrowInRender(err);
+            }
         }
     }, [logoutChallenge, navigate, props.recipe, userContext, rethrowInRender]);
 
 
@@ -40,6 +40,7 @@ import {
     waitForSTElement,
     isOauth2Supported,
     setupBrowser,
+    getGeneralError,
 } from "../helpers";
 import fetch from "isomorphic-fetch";
 
@@ -48,6 +49,7 @@ import {
     TEST_SERVER_BASE_URL,
     SIGN_OUT_API,
     TEST_APPLICATION_SERVER_BASE_URL,
+    SOMETHING_WENT_WRONG_ERROR,
 } from "../constants";
 
 // We do no thave to use a separate domain for the oauth2 client, since the way we are testing
@@ -120,6 +122,36 @@ describe("SuperTokens OAuth2Provider", function () {
             await removeOAuth2ClientInfo(page);
         });
 
+        it("should clear invalid/expired loginChallenge from the url and show an error", async function () {
+            const { client } = await createOAuth2Client({
+                scope: "offline_access profile openid email",
+                redirectUris: [`${TEST_CLIENT_BASE_URL}/oauth/callback`],
+                tokenEndpointAuthMethod: "none",
+                grantTypes: ["authorization_code", "refresh_token"],
+                responseTypes: ["code", "id_token"],
+            });
+
+            await setOAuth2ClientInfo(page, client.clientId);
+
+            await Promise.all([
+                page.waitForNavigation({ waitUntil: "networkidle0" }),
+                page.goto(`${TEST_CLIENT_BASE_URL}/oauth/login`),
+            ]);
+
+            let loginButton = await getOAuth2LoginButton(page);
+            await loginButton.click();
+
+            await waitForUrl(page, "/auth");
+
+            await Promise.all([
+                page.waitForNavigation({ waitUntil: "networkidle0" }),
+                page.goto(page.url().replace("loginChallenge=", "loginChallenge=nooope")),
+            ]);
+
+            const error = await getGeneralError(page);
+            assert.strictEqual(error, SOMETHING_WENT_WRONG_ERROR);
+        });
+
         it("should successfully complete the OAuth2 flow", async function () {
             const { client } = await createOAuth2Client({
                 scope: "offline_access profile openid email",
@@ -165,6 +197,67 @@ describe("SuperTokens OAuth2Provider", function () {
             await waitForUrl(page, "/oauth/callback");
         });
 
+        it("should handle invalid logoutChallenge in the OAuth2 Logout flow", async function () {
+            const postLogoutRedirectUri = `${TEST_CLIENT_BASE_URL}/oauth/login?logout=true`;
+
+            const { client } = await createOAuth2Client({
+                scope: "offline_access profile openid email",
+                redirectUris: [`${TEST_CLIENT_BASE_URL}/oauth/callback`],
+                postLogoutRedirectUris: [postLogoutRedirectUri],
+                accessTokenStrategy: "jwt",
+                tokenEndpointAuthMethod: "none",
+                grantTypes: ["authorization_code", "refresh_token"],
+                responseTypes: ["code", "id_token"],
+                skipConsent: true,
+            });
+
+            await setOAuth2ClientInfo(
+                page,
+                client.clientId,
+                undefined,
+                undefined,
+                undefined,
+                JSON.stringify({
+                    post_logout_redirect_uri: postLogoutRedirectUri,
+                })
+            );
+
+            await Promise.all([
+                page.waitForNavigation({ waitUntil: "networkidle0" }),
+                page.goto(`${TEST_CLIENT_BASE_URL}/oauth/login`),
+            ]);
+
+            let loginButton = await getOAuth2LoginButton(page);
+            await loginButton.click();
+
+            await waitForUrl(page, "/auth");
+
+            await toggleSignInSignUp(page);
+            const { fieldValues, postValues } = getDefaultSignUpFieldValues({ email: getTestEmail() });
+            await signUp(page, fieldValues, postValues, "emailpassword");
+
+            await waitForUrl(page, "/oauth/callback");
+
+            // Logout
+            const logoutButton = await getOAuth2LogoutButton(page, "redirect");
+            await logoutButton.click();
+
+            await waitForUrl(page, "/auth/oauth/logout");
+
+            await Promise.all([
+                page.waitForNavigation({ waitUntil: "networkidle0" }),
+                page.goto(page.url().replace("logoutChallenge=", "logoutChallenge=nooope")),
+            ]);
+
+            // Click the Logout button on the provider website
+            const stLogoutButton = await waitForSTElement(page, "[data-supertokens~=button]");
+            await stLogoutButton.click();
+
+            // Ensure the we get redirected to the auth page
+            await waitForUrl(page, "/auth/");
+            await waitForSTElement(page);
+        });
+
         it("should successfully complete the OAuth2 Logout flow", async function () {
             const postLogoutRedirectUri = `${TEST_CLIENT_BASE_URL}/oauth/login?logout=true`;
Original file line number	Diff line number	Diff line change
`@@ -197,7 +197,8 @@ const AuthPageInner: React.FC<AuthPageProps> = (props) => {`
`197`	`197`	`}`
`198`	`198`	`},`
`199`	`199`	`() => {`
`200`		`- return clearQueryParams(["loginChallenge"]);`
	`200`	`+ clearQueryParams(["loginChallenge"]);`
	`201`	`+ setError("SOMETHING_WENT_WRONG_ERROR");`
`201`	`202`	`}`
`202`	`203`	`);`
`203`	`204`