From 8183fd0d0a13fa27f4965c6c7773db1dc26ed536 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Kooman?=
Date: Fri, 12 Jul 2024 13:14:13 +0200
Subject: [PATCH] redirect back to root URI after mod_auth_openidc logout

this allows use to be very strict with the `post_logout_redirect_uris` values and only register the application root

See: https://openid.net/specs/openid-connect-rpinitiated-1_0.html
---
 src/Http/Auth/OidcAuthModule.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Http/Auth/OidcAuthModule.php b/src/Http/Auth/OidcAuthModule.php
index 739713fc..93668654 100644
--- a/src/Http/Auth/OidcAuthModule.php
+++ b/src/Http/Auth/OidcAuthModule.php
@@ -48,7 +48,7 @@ class OidcAuthModule extends AbstractAuthModule
 // we redirect back to OIDCRedirectURI as defined in the Apache
 // configuration with the "logout" query parameter
 // @see https://github.com/zmartzone/mod_auth_openidc/wiki#9-how-do-i-logout-users
- $request->getRootUri() . 'redirect_uri?' . http_build_query(['logout' => $request->requireReferrer()])
+ $request->getRootUri() . 'redirect_uri?' . http_build_query(['logout' => $request->getRootUri()])
 );
 }

-- 
2.45.2
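Review bot: The comment kept above the changed line still only says that we redirect to OIDCRedirectURI with a "logout" parameter; it does not record that the value is now deliberately the application root rather than the request's Referer, which is the security-relevant part of this line. I would add a line such as `// "logout" is always the application root, never the Referer, so only the root has to be listed in post_logout_redirect_uris`, so that a later edit does not reintroduce a client-supplied redirect target. How `getRootUri()` is computed is not visible in this hunk; if it is derived from the request's Host header, the post-logout target is only as trustworthy as the virtual host's host handling, which is worth confirming. The enclosing method starts outside the hunk.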