Version
20.0.3
Please provide a link to a minimal reproduction of the bug
No response
Please provide the exception or error you saw
No exception or error. Simply left out behaviour.
Steps to reproduce the behavior
Sign in with any config that returns an `endSessionEndpoint` from their /.well-known/openid-configuration endpoint, and then trigger a logoff. `LogoffRevocationService` at line 5055 returns `null`.
A clear and concise description of what you expected to happen.
The fetched endSessionEndpoint shall be available during logoff().
Additional context
Prior to calling this.oidcSecurityService.logoff(configId) my fetched config has the authWellknownEndpoints set. But when calling the logoff() method it gets the config internally through ConfigurationService.configsInternal.
The internal configs does not contain the authWellknownEndpoints unless specifically set in the config, whereas the property is available when fetching the config through this.oidcSecurityService.getConfiguration(configId).
The result of this is that the library doesn't detect any endSessionEndpoint, hence in this case, doesn't redirect to the Microsoft signout page.
After fetching wellknown endpoints, they should be used while signing out. Either the ConfigurationService.configsInternal shall be modified, or OidcSecurityService.logoff() should fetch the configs with config.authWellknownEndpoints populated during logoff.
Version
20.0.3
Please provide a link to a minimal reproduction of the bug
No response
Please provide the exception or error you saw
Steps to reproduce the behavior
A clear and concise description of what you expected to happen.
Additional context
Prior to calling
this.oidcSecurityService.logoff(configId)my fetched config has the authWellknownEndpoints set. But when calling thelogoff()method it gets the config internally throughConfigurationService.configsInternal.The internal configs does not contain the authWellknownEndpoints unless specifically set in the config, whereas the property is available when fetching the config through
this.oidcSecurityService.getConfiguration(configId).The result of this is that the library doesn't detect any endSessionEndpoint, hence in this case, doesn't redirect to the Microsoft signout page.
After fetching wellknown endpoints, they should be used while signing out. Either the
ConfigurationService.configsInternalshall be modified, orOidcSecurityService.logoff()should fetch the configs withconfig.authWellknownEndpointspopulated during logoff.