Skip to content

Commit addd5a7

Browse files
committed
chore: release v1.9.0
1 parent 1680ec1 commit addd5a7

39 files changed

Lines changed: 304 additions & 192 deletions

CHANGELOG.md

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,12 @@
11
# Changelog
22

3+
# [1.9.0](https://github.com/PlusAuth/oidc-client-js/compare/v1.8.0...v1.9.0) (2026-03-02)
4+
5+
6+
### Features
7+
8+
* logout with popup methods ([295418c](https://github.com/PlusAuth/oidc-client-js/commit/295418cdc16d5436972adc91b4d5658a6d8bfe58))
9+
310
# [1.8.0](/compare/v1.7.1...v1.8.0) (2025-12-11)
411

512

dist/oidc-client.d.mts

Lines changed: 30 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
/*!
2-
* @plusauth/oidc-client-js v1.8.0
2+
* @plusauth/oidc-client-js v1.9.0
33
* https://github.com/PlusAuth/oidc-client-js
4-
* (c) 2025 @plusauth/oidc-client-js Contributors
4+
* (c) 2026 @plusauth/oidc-client-js Contributors
55
* Released under the MIT License
66
*/
77
//#region src/constants/events.d.ts
@@ -202,6 +202,13 @@ interface LogoutRequestOptions {
202202
localOnly?: boolean;
203203
/** Redirect URL after logout completes. */
204204
post_logout_redirect_uri?: string;
205+
/**
206+
* Internal request type:
207+
* - `"s"` → silent
208+
* - `"p"` → popup
209+
* - `"d"` → standard redirect
210+
*/
211+
request_type?: "s" | "p" | "d";
205212
}
206213
/**
207214
* OpenID Provider metadata (discovery document).
@@ -353,6 +360,8 @@ interface PopupOptions {
353360
* @default 60000
354361
*/
355362
timeout?: number;
363+
/** Expected message type from the popup. */
364+
type?: string;
356365
}
357366
/**
358367
* Configuration for iframe-based silent authentication.
@@ -538,6 +547,25 @@ declare class OIDCClient extends EventEmitter<EventTypes> {
538547
* @param options
539548
*/
540549
logout(options?: LogoutRequestOptions): Promise<void>;
550+
/**
551+
* Open a popup with the provider's `end_session_endpoint`. After logout provider will redirect to
552+
* provided `post_logout_redirect_uri` if it provided.
553+
*
554+
* NOTE: Most browsers block popups if they are not happened as a result of user actions. In order to display
555+
* logout popup you must call this method in an event handler listening for a user action like button click.
556+
*
557+
* @param options
558+
* @param popupOptions
559+
*/
560+
logoutWithPopup(options?: LogoutRequestOptions, popupOptions?: PopupOptions): Promise<void>;
561+
/**
562+
* After a user successfully logs out, the authorization server will redirect the user back to
563+
* the application's `post_logout_redirect_uri`. In the logout callback page you should
564+
* call this method.
565+
*
566+
* @param url Full url which contains logout request result parameters. Defaults to `window.location.href`
567+
*/
568+
logoutCallback(url?: string): Promise<undefined>;
541569
/**
542570
* OAuth2 token revocation implementation method. See more at [tools.ietf.org/html/rfc7009](https://tools.ietf.org/html/rfc7009)
543571
* @param token Token to be revoked

dist/oidc-client.min.js

Lines changed: 3 additions & 3 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

dist/oidc-client.min.js.map

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

dist/oidc-client.mjs

Lines changed: 53 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
/*!
2-
* @plusauth/oidc-client-js v1.8.0
2+
* @plusauth/oidc-client-js v1.9.0
33
* https://github.com/PlusAuth/oidc-client-js
4-
* (c) 2025 @plusauth/oidc-client-js Contributors
4+
* (c) 2026 @plusauth/oidc-client-js Contributors
55
* Released under the MIT License
66
*/
77
import { fromByteArray } from "base64-js";
@@ -671,7 +671,7 @@ function runPopup(url, options) {
671671
}, timeoutMs);
672672
window.addEventListener("message", messageListener);
673673
function messageListener(e) {
674-
if (!e.data || e.data.type !== "authorization_response") return;
674+
if (!e.data || e.data.type !== (options.type || "authorization_response")) return;
675675
clearHandlers();
676676
popup.close();
677677
const data = e.data.response || e.data;
@@ -901,7 +901,55 @@ var OIDCClient = class extends EventEmitter {
901901
id_token_hint
902902
}));
903903
}
904-
await this.authStore.clear();
904+
this.emit(Events.USER_LOGOUT);
905+
}
906+
/**
907+
* Open a popup with the provider's `end_session_endpoint`. After logout provider will redirect to
908+
* provided `post_logout_redirect_uri` if it provided.
909+
*
910+
* NOTE: Most browsers block popups if they are not happened as a result of user actions. In order to display
911+
* logout popup you must call this method in an event handler listening for a user action like button click.
912+
*
913+
* @param options
914+
* @param popupOptions
915+
*/
916+
async logoutWithPopup(options = {}, popupOptions = {}) {
917+
if (!options.localOnly) {
918+
const storedAuth = await this.authStore.get("auth");
919+
const id_token_hint = options.id_token_hint || storedAuth?.id_token_raw;
920+
await runPopup(await this.createLogoutRequest({
921+
...options,
922+
id_token_hint,
923+
request_type: "p"
924+
}), {
925+
...popupOptions,
926+
type: "logout_response"
927+
});
928+
}
929+
this.emit(Events.USER_LOGOUT);
930+
}
931+
/**
932+
* After a user successfully logs out, the authorization server will redirect the user back to
933+
* the application's `post_logout_redirect_uri`. In the logout callback page you should
934+
* call this method.
935+
*
936+
* @param url Full url which contains logout request result parameters. Defaults to `window.location.href`
937+
*/
938+
async logoutCallback(url = window?.location?.href) {
939+
if (!url) return Promise.reject(new OIDCClientError("Url must be passed to handle logout redirect"));
940+
let parsedUrl;
941+
try {
942+
parsedUrl = new URL(url);
943+
} catch {
944+
return Promise.reject(new OIDCClientError(`Invalid callback url passed: "${url}"`));
945+
}
946+
const responseParams = parseQueryUrl(parsedUrl.search || parsedUrl.hash);
947+
const state = responseParams.state;
948+
if (window.opener && url) window.opener.postMessage({
949+
type: "logout_response",
950+
response: responseParams,
951+
state
952+
}, `${location.protocol}//${location.host}`);
905953
}
906954
/**
907955
* OAuth2 token revocation implementation method. See more at [tools.ietf.org/html/rfc7009](https://tools.ietf.org/html/rfc7009)
@@ -1089,6 +1137,7 @@ var OIDCClient = class extends EventEmitter {
10891137
const logoutParams = {
10901138
id_token_hint: finalOptions.id_token_hint,
10911139
post_logout_redirect_uri: finalOptions.post_logout_redirect_uri,
1140+
state: finalOptions.state,
10921141
...finalOptions.extraLogoutParams || {}
10931142
};
10941143
return `${this.options.endpoints.end_session_endpoint}${buildEncodedQueryString(logoutParams)}`;

docs/assets/hierarchy.js

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

docs/assets/icons.js

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

docs/assets/icons.svg

Lines changed: 1 addition & 1 deletion
Loading

docs/assets/search.js

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

docs/classes/AuthenticationError.html

Lines changed: 5 additions & 5 deletions
Large diffs are not rendered by default.

0 commit comments

Comments
 (0)