LogoutRequest creates invalid URIs when used with AWS Cognito

Issue #285 resolved
Former user created an issue

AWS Cognito's /logout method is unusual, but valid. Its request looks like:

GET https://mydomain.auth.us-east-1.amazoncognito.com/logout?
client_id=my-id&
logout_uri=com.myclientapp://myclient/logout

When passed into c.n.openid.connect.sdk.LogoutRequest, the toURI() method just tacks on the logout params to the endpoint URI using `?`. As such, the resulting logout request for Cognito would look like:

GET https://mydomain.auth.us-east-1.amazoncognito.com/logout?
client_id=my-id&logout_uri=com.myclientapp://myclient/logout?id_token_hint=hint&post_logout_redirect_uri=my-post-logout-uri.com&state=my-state

Notice the double ?.

LogoutRequest.toURI() should check for existing parameters in the endpoint URL before appending any additional, and use ? or & as needed.

Cognito logout docs: https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html
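
An added example, not code from the Nimbus SDK or from the reporter: one way to do the check the issue asks for, using only java.net and java.util. The class and helper names (LogoutUriExample, appendQueryParams) are hypothetical; the endpoint and parameter values are the ones quoted in the issue.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.StringJoiner;

public class LogoutUriExample {

    // Hypothetical helper (not an SDK method): appends parameters to an
    // endpoint URI that may already carry a query string.
    static URI appendQueryParams(URI endpoint, Map<String, String> params) {
        if (params.isEmpty()) {
            return endpoint;
        }
        // Percent-encode names and values so a value such as a redirect URI
        // cannot introduce its own '?', '&' or '#' into the request.
        StringJoiner encoded = new StringJoiner("&");
        for (Map.Entry<String, String> e : params.entrySet()) {
            encoded.add(URLEncoder.encode(e.getKey(), StandardCharsets.UTF_8)
                    + "=" + URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8));
        }
        // Keep any fragment at the very end of the result.
        String base = endpoint.toString();
        String fragment = "";
        int hash = base.indexOf('#');
        if (hash >= 0) {
            fragment = base.substring(hash);
            base = base.substring(0, hash);
        }
        // '?' only when no query exists yet, '&' when one does, and nothing
        // when the endpoint already ends in a dangling '?' or '&'.
        String sep;
        if (base.indexOf('?') < 0) {
            sep = "?";
        } else if (base.endsWith("?") || base.endsWith("&")) {
            sep = "";
        } else {
            sep = "&";
        }
        return URI.create(base + sep + encoded + fragment);
    }

    public static void main(String[] args) {
        // Endpoint and parameter values as given in the issue.
        URI endpoint = URI.create("https://mydomain.auth.us-east-1.amazoncognito.com/logout"
                + "?client_id=my-id&logout_uri=com.myclientapp://myclient/logout");
        Map<String, String> params = new LinkedHashMap<>();
        params.put("id_token_hint", "hint");
        params.put("post_logout_redirect_uri", "my-post-logout-uri.com");
        params.put("state", "my-state");
        System.out.println(appendQueryParams(endpoint, params));
    }
}
```

With the single `?` preserved, `id_token_hint`, `post_logout_redirect_uri` and `state` arrive as separate query parameters instead of being folded into the value of `logout_uri`.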
