1771 - Set id_token_hint when logging out (Signed) (#2151)

Co-authored-by: simon-debruijn <simon.debruijn@hotmail.com>

Author: tusharpandey13

src/auth0-session/client/edge-client.ts

@@ -218,7 +218,7 @@ export class EdgeClient extends AbstractClient {
       this.config.idpLogout &&
       (this.config.auth0Logout || (issuerUrl.hostname.match('\\.auth0\\.com$') && this.config.auth0Logout !== false))
     ) {
-      const { id_token_hint, post_logout_redirect_uri, ...extraParams } = parameters;
+      const { post_logout_redirect_uri, ...extraParams } = parameters;
       const auth0LogoutUrl: URL = new URL(urlJoin(as.issuer, '/v2/logout'));
       post_logout_redirect_uri && auth0LogoutUrl.searchParams.set('returnTo', post_logout_redirect_uri);
       auth0LogoutUrl.searchParams.set('client_id', this.config.clientID);

src/auth0-session/client/node-client.ts

@@ -147,7 +147,7 @@ export class NodeClient extends AbstractClient {
       ) {
         Object.defineProperty(this.client, 'endSessionUrl', {
           value(params: EndSessionParameters) {
-            const { id_token_hint, post_logout_redirect_uri, ...extraParams } = params;
+            const { post_logout_redirect_uri, ...extraParams } = params;
             const parsedUrl = new URL(urlJoin(issuer.metadata.issuer, '/v2/logout'));
             parsedUrl.searchParams.set('client_id', config.clientID);
             post_logout_redirect_uri && parsedUrl.searchParams.set('returnTo', post_logout_redirect_uri);

tests/auth0-session/client/edge-client.test.ts

@@ -235,6 +235,24 @@ describe('edge client', function () {
     );
   });
 
+  it('should create custom logout for auth0 with id_token_hint', async function () {
+    nock('https://test.eu.auth0.com')
+      .get('/.well-known/openid-configuration')
+      .reply(200, { ...wellKnown, issuer: 'https://test.eu.auth0.com/', end_session_endpoint: undefined });
+    nock('https://test.eu.auth0.com').get('/.well-known/jwks.json').reply(200, jwks);
+
+    const client = await getClient({
+      issuerBaseURL: 'https://test.eu.auth0.com',
+      idpLogout: true,
+    });
+
+    const idToken = await makeIdToken()
+
+    await expect(client.endSessionUrl({ post_logout_redirect_uri: 'foo', id_token_hint: idToken })).resolves.toEqual(
+      `https://test.eu.auth0.com/v2/logout?returnTo=foo&client_id=__test_client_id__&id_token_hint=${idToken}`
+    );
+  });
+
   it('should remove null params from oidc logout endpoint', async function () {
     const client = await getClient({ ...defaultConfig, idpLogout: true });
     await expect(client.endSessionUrl({ foo: null } as any)).resolves.toEqual(

tests/auth0-session/client/node-client.test.ts

@@ -1,6 +1,6 @@
 import nock from 'nock';
 import { getConfig, ConfigParameters } from '../../../src/auth0-session';
-import { jwks } from '../fixtures/cert';
+import { jwks, makeIdToken } from '../fixtures/cert';
 import pkg from '../../../package.json';
 import wellKnown from '../fixtures/well-known.json';
 import version from '../../../src/version';
@@ -180,6 +180,24 @@ describe('node client', function () {
     );
   });
 
+  it('should create custom logout for auth0 with id_token_hint', async function () {
+    nock('https://test.eu.auth0.com')
+      .get('/.well-known/openid-configuration')
+      .reply(200, { ...wellKnown, issuer: 'https://test.eu.auth0.com/', end_session_endpoint: undefined });
+    nock('https://test.eu.auth0.com').get('/.well-known/jwks.json').reply(200, jwks);
+
+    const client = await getClient({
+      issuerBaseURL: 'https://test.eu.auth0.com',
+      idpLogout: true,
+    });
+
+    const idToken = await makeIdToken()
+
+    await expect(client.endSessionUrl({ post_logout_redirect_uri: 'foo', id_token_hint: idToken })).resolves.toEqual(
+      `https://test.eu.auth0.com/v2/logout?client_id=__test_client_id__&returnTo=foo&id_token_hint=${idToken}`
+    );
+  });
+
   it('should handle limited openid-configuration', async function () {
     nock('https://op2.example.com')
       .get('/.well-known/openid-configuration')