post_logout_redirect_uri during logout and last visited url

[lomboboo]

Issue and Steps to Reproduce

Trying to evaluate this package for our needs instead of oidc-client-ts. Your package has a very clever solution to the refresh token flow problems, so kudos to all involved!

I mostly got everything working except during logout, by default post_logout_redirect_uri is set to the current path from the window location. In my understand it should be a part of the ODIC configuration as a required property.

Instead, when logout() called is sets post_logout_redirect_uri to the current path and fails validation with IdentityServer ClientPostLogoutRedirectUris table ending up on the Logout page in IdentityServer with no redirection back.

Since there is no post_logout_redirect_uri in the ODIC configuration, I am calling logout(window.location.origin) so that post_logout_redirect_uri matches with my IDS4 configuration, but now I am not sure how to redirect user to the page he was logged out from. I image it would be something like oidc-client-ts does, setting state with lastUrl or smth and storing it somewhere in localstorage. Then retrieve it in some event or creating special route for post logout url - not sure, but I can't find any examples of how to do this correctly or maybe it's already implemented in some way and I couldn't find it.

My goal here is during any logout user should be redirected back to the page he was logged out from after re-login.

Versions

oidc-client - Latest
IdentityServer4 - 3.1.0

const configuration = {
    client_id: ClientConfig.config.clientId,
    redirect_uri: `${ClientConfig.config.hostBaseUrl}/callback`,
    silent_redirect_uri: `${ClientConfig.config.hostBaseUrl}/silent-callback`,
    scope: `openid profile ${ClientConfig.config.clientId} offline_access`,
    authority: ClientConfig.config.idpServerUrl,
    service_worker_relative_url: '/OidcServiceWorker.js',
    service_worker_only: false,
  };
  ...
  
  const onClickLogout = () => {
    ...
    await logout(window.location.origin);
  }

[guillaume-chervet]

Hi @lomboboo ,

logout(window.location.origin) should work but You need to declare On your OIDC Server all logout possible URI to make it works.

[lomboboo]

@guillaume-chervet there is no way to define all possible URIs because client router is dynamic.
It's fine for me to define one dedicated post_logout_redirect_uri as it should be, but I need a way to redirect user back to the page he was logged out from.

So ideally, there should be something like this or this. Is there something like that implemented in your library or something that you're willing to add?

[guillaume-chervet]

@lomboboo, youcan easily create you /logout route that redirect to the path where your user log out. Juste save for exemple the /path in the session state before calling oidc logout method.

[lomboboo]

Do I understand correctly, you suggest saving last accessed url during logout and then listening to some event after singin callback to retrieve saved url and replace the history using client router? (we don't use login action and fully rely on automatic sing-in triggered in OidcSecure)
I kind of hoped for the "out of the box" solution since it is pretty common scenario