mirror of
https://github.com/gristlabs/grist-core.git
synced 2024-10-27 20:44:07 +00:00
OIDC logout: use a fixed post logout redirect uri
This commit is contained in:
parent
c27f832851
commit
0ab719d640
@ -79,6 +79,7 @@ import { SendAppPageFunction } from 'app/server/lib/sendAppPage';
|
||||
import { StringUnionError } from 'app/common/StringUnion';
|
||||
import { EnabledProtection, EnabledProtectionString, ProtectionsManager } from './oidc/Protections';
|
||||
import { SessionObj } from './BrowserSession';
|
||||
import { getOriginUrl } from './requestUtils';
|
||||
|
||||
const CALLBACK_URL = '/oauth2/callback';
|
||||
|
||||
@ -289,7 +290,8 @@ export class OIDCConfig {
|
||||
return this._endSessionEndpoint;
|
||||
}
|
||||
return this._client.endSessionUrl({
|
||||
post_logout_redirect_uri: redirectUrl.href,
|
||||
// Ignore redirectUrl because OIDC providers don't allow variable redirect URIs
|
||||
post_logout_redirect_uri: new URL('/signed-out', getOriginUrl(req)).href,
|
||||
id_token_hint: session?.oidc?.idToken,
|
||||
});
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user