signoutRedirect of oidc-client-js against Auth0 returns no end session endpoint
H

2

9

I've successfully used the oidc-client-js library by Brock Allen to authenticate my SPA app with Auth0 acting as my Identity Provider. However, when I try to use the library to sign the user out with mgr.signoutRedirect({state: "my test"}), I receive an error: no end session endpoint.


A look at the metadata endpoint shows that there is a revocation endpoint.

I've configured the oidc-client-js library like so:

var settings = {
   authority: 'https://susqsofttest.auth0.com/.well-known/openid-configuration',
   client_id: 'my client id',
   redirect_uri: 'http://localhost:8080/signin-oidc',
   post_logout_redirect_uri: 'http://localhost:8080/logout',
   response_type: 'id_token token',
   scope: 'openid profile email',
   revokeAccessTokenOnSignout: true,
   automaticSilentRenew: true,
   filterProtocolClaims: true,
   loadUserInfo: true
};
var mgr = new UserManager(settings);

Any ideas of what I'm missing?

Hypopituitarism answered 13/6, 2018 at 19:4 Comment(0)
C
5

Signout redirect explicitly looks at the JSON property "end_session_endpoint" in your IdP configuration. I do not see that endpoint in your IdP configuration, and I guess this is not something that you can override with the oidc-client.js package.

Check this out on how they are retrieving the endpoint url from metadata. https://github.com/IdentityModel/oidc-client-js/blob/dev/src/OidcClient.js#L124

Canonry answered 13/6, 2018 at 19:37 Comment(0)
W
7

You can give metadata to the oidc client by adding a metadata section to the user manager settings.

// tenant must already hold your Azure AD tenant id
var settings = {
   authority: 'https://susqsofttest.auth0.com/.well-known/openid-configuration',
   client_id: 'my client id',
   redirect_uri: 'http://localhost:8080/signin-oidc',
   post_logout_redirect_uri: 'http://localhost:8080/logout',
   response_type: 'id_token token',
   scope: 'openid profile email',
   revokeAccessTokenOnSignout: true,
   automaticSilentRenew: true,
   filterProtocolClaims: true,
   loadUserInfo: true,
   // Explicit provider metadata, including the end_session_endpoint used by signoutRedirect
   metadata: {
      issuer: `https://sts.windows.net/${tenant}/`,
      authorization_endpoint: `https://login.microsoftonline.com/${tenant}/oauth2/authorize`,
      token_endpoint: `https://login.microsoftonline.com/${tenant}/oauth2/token`,
      jwks_uri: 'https://login.microsoftonline.com/common/discovery/keys',
      end_session_endpoint: `https://login.microsoftonline.com/${tenant}/oauth2/logout`
   }
};

This example is for Azure AD. end_session_endpoint can also be your SPA route address, like ${window.location.origin}/logout, but then the Azure AD session won't end.

You can also set metadataUrl instead of metadata: 'https://login.microsoftonline.com/YOUR_TENANT_NAME.onmicrosoft.com/.well-known/openid-configuration'

Windermere answered 19/6, 2018 at 7:23 Comment(2)
I noticed this old answer of mine and must add that there is no need for metadata or metadataUrl anymore. We are just setting clientId, clientSecret, loadUserInfo: false and an extraQueryParams object with the resource parameter, among a few other parameters which are in my answer. I think when you set loadUserInfo to false there is no need for metadata info. loadUserInfo also generates a CORS problem at some point if set to true. - Windermere
It would be a good idea to edit the answer instead of writing a comment. - Abridge
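
Added example (not part of the answers above and not oidc-client-js code): one way to build the metadata object described in the answer above from a discovery document that, like the one in the question, advertises a revocation endpoint but no end_session_endpoint. The host idp.example, the /logout path and the names buildMetadata and sampleDiscovery are assumptions; because signoutRedirect sends the ID token as id_token_hint to this URL, the function only accepts an https URL on an allow-listed host.

```javascript
// Constructed discovery document (hypothetical provider idp.example):
// it has revocation_endpoint but no end_session_endpoint.
const sampleDiscovery = {
  issuer: 'https://idp.example/',
  authorization_endpoint: 'https://idp.example/authorize',
  token_endpoint: 'https://idp.example/oauth/token',
  userinfo_endpoint: 'https://idp.example/userinfo',
  jwks_uri: 'https://idp.example/.well-known/jwks.json',
  revocation_endpoint: 'https://idp.example/oauth/revoke'
};

// Fields the settings in the question depend on: sign-in, token
// validation, and loadUserInfo: true.
const REQUIRED = ['issuer', 'authorization_endpoint', 'jwks_uri', 'userinfo_endpoint'];

// Returns a copy of the discovery document with end_session_endpoint filled in.
// endSessionUrl must come from the provider's own documentation.
function buildMetadata(discovery, endSessionUrl, allowedHosts) {
  const missing = REQUIRED.filter((k) => typeof discovery[k] !== 'string');
  if (missing.length) {
    throw new Error('discovery document lacks: ' + missing.join(', '));
  }
  // The provider already advertises a logout endpoint: nothing to patch.
  if (discovery.end_session_endpoint) return { ...discovery };

  const url = new URL(endSessionUrl); // throws on malformed input
  if (url.protocol !== 'https:') {
    throw new Error('end_session_endpoint must use https');
  }
  // id_token_hint travels in the query string of this request,
  // so refuse hosts that are not explicitly expected.
  if (!allowedHosts.includes(url.hostname)) {
    throw new Error('unexpected logout host: ' + url.hostname);
  }
  return { ...discovery, end_session_endpoint: url.href };
}

// Browser usage (assumes UserManager and the settings object from the question):
//   var metadata = buildMetadata(doc, 'https://idp.example/logout', ['idp.example']);
//   var mgr = new UserManager(Object.assign({}, settings, { metadata: metadata }));
```

The full document is carried over rather than only the logout URL because the answer's metadata section also lists the issuer, authorization, token and key endpoints.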