bcgov · trev-dev · Nov 28, 2024 · Jun 10, 2024 · Jun 17, 2024 · Jun 17, 2024
diff --git a/backend/src/app.js b/backend/src/app.js
@@ -100,7 +100,7 @@ async function addLoginPassportUse(discovery, strategyName, callbackURI, kc_idp_
     callbackURL: callbackURI,
     scope: discovery.scopes_supported,
     kc_idp_hint: kc_idp_hint
-  }, (_issuer, profile, _context, _idToken, accessToken, refreshToken, done) => {
+  }, (_issuer, profile, _context, idToken, accessToken, refreshToken, done) => {
     if ((typeof (accessToken) === 'undefined') || (accessToken === null) ||
       (typeof (refreshToken) === 'undefined') || (refreshToken === null)) {
       return done('No access token', null);
@@ -110,6 +110,7 @@ async function addLoginPassportUse(discovery, strategyName, callbackURI, kc_idp_
     profile.jwtFrontend = auth.generateUiToken();
     profile.jwt = accessToken;
     profile.refreshToken = refreshToken;
+    profile.idToken = idToken;
     profile._json = parseJwt(accessToken);
     return done(null, profile);
   }));

diff --git a/backend/src/routes/auth.js b/backend/src/routes/auth.js
@@ -65,12 +65,17 @@ addBaseRouterGet('oidcBceidUMP', '/login_bceid_ump');
 
 //removes tokens and destroys session
 router.get('/logout', async (req, res, next) => {
-  const makeUrl = endpoint => encodeURIComponent(
-    config.get('logoutEndpoint')
-    + `?post_logout_redirect_uri=${config.get('server:frontend')}`
-    + endpoint
-    + `&client_id=${config.get('oidc:clientId')}`
-  );
+  let idToken = req?.session?.passport?.user?.idToken;
+
+  const makeUrl = endpoint => {
+    console.log(req.user);
+    return encodeURIComponent(
+      config.get('logoutEndpoint')
+        + `?post_logout_redirect_uri=${config.get('server:frontend')}`
+        + endpoint
+        + (idToken ? `&id_token_hint=${idToken}` : `&client_id=${config.get('oidc:clientId')}`)
+    );
+  };
 
   let retUrl;
   req.logout(err => {
@@ -94,6 +99,7 @@ router.get('/logout', async (req, res, next) => {
     } else {
       retUrl = makeUrl('/logout');
     }
+    console.log('RET ::: ', retUrl);
     res.redirect(config.get('siteMinder_logout_endpoint') + retUrl);
   });
 });