matik12/aurelia-oauth

Logout doesn't include id_token_hint in the redirect url

abeven opened this issue · 1 comment

Hi there - I'm creating this issue to track a tiny pull request I'm about to do. I'm using Identity Server 4, and one of the parameters for the connect/endsession endpoint (part of the OpenID spec) is id_token_hint.

If it's missing at logout, then the identity server won't be able to properly identify the current session.

Great library. Thank you.
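As an added illustration of the parameter this issue asks for (example code, not part of aurelia-oauth or the pull request): building the RP-initiated logout redirect so it carries `id_token_hint`, with a check that the token's issuer matches the end-session endpoint before the token is put in a URL. The endpoint, token and redirect URI are constructed sample values.

```javascript
// Added example, not code from aurelia-oauth: build the RP-initiated logout URL
// with the id_token_hint parameter the issue asks for. Endpoint, token and
// redirect URI below are constructed sample values.

function toBase64Url(str) {
  return Buffer.from(str, 'utf8').toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Decode the JWT payload without verifying the signature; the client only reads
// the issuer so the token is not handed to a provider that did not issue it.
function decodeJwtPayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('id_token is not a compact JWS');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  const pad = '='.repeat((4 - (b64.length % 4)) % 4);
  return JSON.parse(Buffer.from(b64 + pad, 'base64').toString('utf8'));
}

// Returns the end_session URL carrying id_token_hint plus the optional
// post_logout_redirect_uri and state parameters of OIDC RP-Initiated Logout.
function buildEndSessionUrl(endSessionEndpoint, { idToken, postLogoutRedirectUri, state }) {
  const url = new URL(endSessionEndpoint);
  if (url.protocol !== 'https:') throw new Error('end_session_endpoint must be https');
  const { iss } = decodeJwtPayload(idToken);
  if (!iss || new URL(iss).origin !== url.origin) {
    throw new Error('id_token issuer does not match end_session_endpoint origin');
  }
  const params = new URLSearchParams({ id_token_hint: idToken });
  if (postLogoutRedirectUri) params.set('post_logout_redirect_uri', postLogoutRedirectUri);
  if (state) params.set('state', state);
  url.search = params.toString();
  return url.toString();
}

// Constructed id_token: header and payload with a dummy signature segment.
const SAMPLE_ID_TOKEN = [
  toBase64Url(JSON.stringify({ alg: 'none' })),
  toBase64Url(JSON.stringify({ iss: 'https://idp.example.com', sub: 'user-1', aud: 'spa' })),
  'sig',
].join('.');

const LOGOUT_URL = buildEndSessionUrl('https://idp.example.com/connect/endsession', {
  idToken: SAMPLE_ID_TOKEN,
  postLogoutRedirectUri: 'https://app.example.com/',
  state: 'xyz',
});
console.log(LOGOUT_URL);
```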

Hi abeven,

Thanks for your feedback and the pull request you created. I added some comments to the changes you made to incorporate the new parameter in the plugin, so please apply them.

I had the same issue previously when I was using Identity Server 3 as my mock provider together with this plugin. I wanted to add a new hint parameter to send back the id token on the logout redirect to have it fully working, but I couldn't do that. The reason was that I configured the plugin to intercept access_token rather than id_token on the login redirect, because only the former contains the custom claims added to the user's JWT in the custom Identity Server code. Because of that, the plugin stored the access_token with the correct user claims, but the logout hint would require the id_token to work properly. This would have caused too many changes in the plugin to store two tokens only to work with a mock provider. For that reason I used one of the IS3 samples and adjusted it a little, so it no longer required the hint parameter in the logout flow and just redirected to the proper page.
I just wanted to share my previous experience with IS3, although this is maybe not the case here, because you don't use claims in the token, and this should hopefully work.

Thanks
Mat