Merge pull request #185 from djbgeodan/fix-idp-logout

Remove session_state claim condition for end provider session
travisghansen · Oct 4, 2023 · 69c1946 · 69c1946
2 parents 3cfba92 + 8ad0d71
commit 69c1946
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 26 deletions.
diff --git a/README.md b/README.md
@@ -1,5 +1,5 @@
 ![Image](https://img.shields.io/docker/pulls/travisghansen/external-auth-server.svg)
-![Image](https://img.shields.io/github/workflow/status/travisghansen/external-auth-server/CI?style=flat-square)
+![Image](https://img.shields.io/github/actions/workflow/status/travisghansen/external-auth-server/main.yml?branch=master&style=flat-square)
 
 # `external-auth-server`
 

diff --git a/src/plugin/oauth/index.js b/src/plugin/oauth/index.js
@@ -1511,33 +1511,32 @@ class BaseOauthPlugin extends BasePlugin {
           sessionPayload.tokenSet.id_token
         ) {
           let idToken = jwt.decode(sessionPayload.tokenSet.id_token);
-          // TODO: this check may not be entirely needed/wanted
-          if (idToken.session_state) {
-            const payload = {
-              redirect_uri: redirect_uri,
-              aud: configAudMD5,
-              req: {
-                headers: {
-                  referer: req.headers.referer,
-                },
+
+          const payload = {
+            redirect_uri: redirect_uri,
+            aud: configAudMD5,
+            req: {
+              headers: {
+                referer: req.headers.referer,
               },
-              request_is_xhr,
-            };
-            const stateToken = jwt.sign(payload, issuer_sign_secret);
-            const state = plugin.server.utils.encrypt(
-              issuer_encrypt_secret,
-              stateToken,
-              "hex"
-            );
+            },
+            request_is_xhr,
+          };
+          const stateToken = jwt.sign(payload, issuer_sign_secret);
+          const state = plugin.server.utils.encrypt(
+            issuer_encrypt_secret,
+            stateToken,
+            "hex"
+          );
 
-            redirect_uri = await client.endSessionUrl({
-              id_token_hint: sessionPayload.tokenSet.id_token,
-              post_logout_redirect_uri:
-                plugin.config.features.logout.end_provider_session
-                  .post_logout_redirect_uri,
-              state,
-            });
-          }
+          redirect_uri = await client.endSessionUrl({
+            id_token_hint: sessionPayload.tokenSet.id_token,
+            post_logout_redirect_uri:
+              plugin.config.features.logout.end_provider_session
+                .post_logout_redirect_uri,
+            state,
+          });
+
         }
 
         plugin.server.logger.info("deleting session: %s", session_id);