auth.logout() does not send token for proper logout from IDP

Question

auth.logout() does not send token for proper logout from IDP

gibsonf1 opened this issue 4 years ago · 0 comments

The auth.logout() is not sending the token to the Solid server which we need for identifying the user for proper logout.

The code in question is here:

export async function logout(
  storage: AsyncStorage,
  fetch: Function
): Promise<void> {
  const rp = await getStoredRp(storage)
  if (rp) {
    try {
      // First log out from the IDP
      await rp.logout()
      // Then, log out from the RP
      try {
        await fetch('/.well-known/solid/logout', { credentials: 'include' })
      } catch (e) {
        // Ignore errors for when we are not on a Solid pod
        // But tell users it is harmless because they will see the GET failure in the console
        console.info(
          "Couldn't find /.well-known/solid/logout, this is harmless."
        )
      }
    } catch (err) {
      console.warn('Error logging out of the WebID-OIDC session')
      console.error(err)
    }
  }
}

the rp.logout() does hit the IDP correctly, but without credentials, so the next call in this code to then use .well-known/solid/logout is not called as the IDP call returns a 401.

Any idea why rp.logout() is not including credentials?