LogoutRequest creates invalid URIs when used with AWS Cognito
Issue #285
resolved
AWS Cognito's /logout method is unusual, but valid. It's request looks like:
GET https://mydomain.auth.us-east-1.amazoncognito.com/logout?
client_id=my-id&
logout_uri=com.myclientapp://myclient/logout
When passed into c.n.openid.connect.sdk.LogoutRequest, the toURI() method just tacks on the logout params to the endpoint URI using?`. As such, the resulting logout request for Cognito would look like:
GET https://mydomain.auth.us-east-1.amazoncognito.com/logout?
client_id=my-id&logout_uri=com.myclientapp://myclient/logout?id_token_hint=hint&post_logout_redirect_uri=my-post-logout-uri.com&state=my-state
Notice the double ?.
LogoutRequest.toURI() should check for existing parameters in the endpoint URL before appending any additional, and use ? or & as needed.
Cognito logout docs: https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html
Comments (3)
-
-
- changed status to open
-
- changed status to resolved
Fixed in 7a47ec9a.
To be released later tonight as v 7.0.
- Log in to comment
This doesn’t look good, thanks for the report.