From bfbe8de98a6a7a2d32dd8d4dddbcc1d4ce6388f4 Mon Sep 17 00:00:00 2001
From: "Marvin A. Ruder" <signed@mruder.dev>
Date: Tue, 15 Oct 2024 20:49:43 +0200
Subject: [PATCH] fix(oauth): add `post_logout_redirect_uri` to OAuth logout
 redirect URI (#638)

* Add `post_logout_redirect_uri` to OAuth logout redirect URI

Signed-off-by: Marvin A. Ruder <signed@mruder.dev>

* Update OAuth2 configuration documentation

Signed-off-by: Marvin A. Ruder <signed@mruder.dev>

---------

Signed-off-by: Marvin A. Ruder <signed@mruder.dev>
---
 backend/src/auth/auth.service.ts | 1 +
 docs/docs/setup/oauth2login.md   | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/backend/src/auth/auth.service.ts b/backend/src/auth/auth.service.ts
index 501990d5..6337f919 100644
--- a/backend/src/auth/auth.service.ts
+++ b/backend/src/auth/auth.service.ts
@@ -274,6 +274,7 @@ export class AuthService {
             URL.canParse(configuration.end_session_endpoint)
           ) {
             const redirectURI = new URL(configuration.end_session_endpoint);
+            redirectURI.searchParams.append("post_logout_redirect_uri", this.config.get("general.appUrl"));
             redirectURI.searchParams.append("id_token_hint", idTokenHint);
             redirectURI.searchParams.append(
               "client_id",
diff --git a/docs/docs/setup/oauth2login.md b/docs/docs/setup/oauth2login.md
index cc7132c0..fb416c74 100644
--- a/docs/docs/setup/oauth2login.md
+++ b/docs/docs/setup/oauth2login.md
@@ -42,7 +42,9 @@ Redirect URL: `https://<your-domain>/api/oauth/callback/discord`
 
 Generic OpenID Connect provider is also supported, we have tested it on Keycloak, Authentik and Casdoor.
 
-Redirect URL: `https://<your-domain>/api/oauth/callback/oidc`
+Redirect URI: `https://<your-domain>/api/oauth/callback/oidc`
+
+Post Logout Redirect URI: `https://<your-domain>`
 
 ## Custom your OAuth 2 Provider