Fix POST handling by /signout endpoint

Question

Fix POST handling by /signout endpoint

dmitrizagidulin opened this issue 9 years ago · 0 comments

The Signout route suggests that POST support should be handled by the server:

  server.get('/signout', oidc.signout)
  server.post('/signout', oidc.signout)

But the actual route handler doesn't seem to support POST:

function signout (req, res, next) {
  var uri = req.query.post_logout_redirect_uri
  var hint = req.query.id_token_hint

And also requires that post_logout_redirect_uri is present, if using id_token_hint. Which makes sense when a client is doing a GET to /signout, but less so for a POST.

So:

Add req.body parameter support, for POST handling
On a POST, do not require post_logout_redirect_uri to be present.