Problem/Motivation

When logging out we redirect the login.

Steps to reproduce

- Login
- Logout on /oidc/logout-redirect

Expected is a redirect to the front page but we get redirected to the login.

Issue fork oidc-3229396

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

mpp created an issue. See original summary.

mpp opened merge request !3

mpp’s picture

mpp commented
Status: Active » Needs review
matthijs’s picture

matthijs
Primary language Dutch
commented

How does your destination get set to the logout path? That would mean you invoke the logout page with an invalid destination.

mpp’s picture

mpp commented

Just by directly going to /oidc/logout-redirect (cf. the idp return path) as an anonymous user (Drupal 9) the destination is set to "/oidc/logout-redirect":
- /user/logout 302 => location: /oidc/logout
- /oidc/logout 302 => location: https://IDP/logout?...&post_logout_redirect_uri=DRUPAL/oidc/logout-redirect <=
- idp/logout?..&post_logout_redirect_uri=/oidc/logout-redirect 302 => Location: /oidc/logout-redirect?state=...
- /oidc/logout-redirect?state=... 302 => location: /oidc/login/type?destination=/oidc/logout-redirect
- /oidc/login/type?destination=/oidc/logout-redirect 401

matthijs’s picture

matthijs
Primary language Dutch
commented

You shouldn't access "/oidc/logout-redirect" directly, use /logout instead.

The redirect past is used when returning from the provider. Excluding this one might lead to a discussion to exclude other paths as well

mpp’s picture

mpp commented

I am using the default /user/logout, which redirects to /oidc/logout which redirects to the provider logout with a return URL to /oidc/logout-redirect which redirects to /oidc/login/type?destination=/oidc/logout-redirect.

The problem is that since the Drupal 9 upgrade for some projects we see that the destination parameter is added, this wasn't the case in Drupal 8.9 but also that it redirects to the login instead of the homepage:
GET /oidc/logout-redirect?state=... 302 location: /oidc/login/type?destination=/oidc/logout-redirect

  • Matthijs committed 7e0703d on 1.x 
    Issue #3229396: Fix compatibility with Drupal 9.2
matthijs’s picture

matthijs
Primary language Dutch
commented
Assigned: mpp » Unassigned
Status: Needs review » Fixed
matthijs’s picture

matthijs
Primary language Dutch
commented

This issue was caused by a broken (destroyed) session due to a change in Drupal 9.2.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

Matthijs closed merge request !3