mariovalney/laravel-keycloak-web-guard

Bug introduced by Keycloak 18+.


Keycloak 18 no longer supports the redirect_uri parameter on logout and fails with an error:
See: https://www.keycloak.org/docs/latest/upgrading/index.html#openid-connect-logout

So, in KeycloakService.php, **getLogoutUrl** should be something like:

```php
public function getLogoutUrl()
{
    $url = $this->getOpenIdValue('end_session_endpoint');

    if (empty($this->redirectLogout)) {
        $this->redirectLogout = url('/');
    }

    $params = [
        'client_id' => $this->getClientId(),
        #'redirect_uri' => $this->redirectLogout, # This is no longer supported and needs to be excluded
    ];

    $idToken = session()->get('keyIdToken'); # There is surely a better way to find the token...

    if (!empty($idToken)) {
        $params['post_logout_redirect_uri'] = $this->redirectLogout; # These are the new optional Keycloak parameters
        $params['id_token_hint'] = $idToken; # These are the new optional Keycloak parameters
    }

    return $this->buildUrl($url, $params);
}
```