diff --git a/README.md b/README.md
index 904b83ec..e529b5b7 100644
--- a/README.md
+++ b/README.md
@@ -212,6 +212,20 @@ $oidc->setPrivateKeyJwtGenerator(function(string $token_endpoint) {
 })
 ```
 
+## Example 11: Enable logout behavior for AWS Cognito
+
+```php
+// NOTE: assumes that $oidc is an instance of OpenIDConnectClient()
+
+// enable logout behavior for AWS Cognito before call signOut()
+$oidc->setAwsCognitoFlow(true);
+
+// call the signOut() function
+// Be sure to get $idToken and $redirect from the logout request
+$oidc->signOut($idToken, $redirect);
+
+// Referente: https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html
+```
 ## Development Environments ##
 
 In some cases you may need to disable SSL security on your development systems.
diff --git a/src/OpenIDConnectClient.php b/src/OpenIDConnectClient.php
index adabf80c..ed37ea32 100644
--- a/src/OpenIDConnectClient.php
+++ b/src/OpenIDConnectClient.php
@@ -254,6 +254,11 @@ class OpenIDConnectClient
 */
 private $token_endpoint_auth_methods_supported = ['client_secret_basic'];
 
+/**
+ * @var bool Enable or disable logout parameters for AWS Cognito
+ */
+private $awsCognitoFlow = false;
+
 /**
+ * @param string|null $provider_url optional
+ * @param string|null $client_id optional
@@ -439,6 +444,12 @@ public function signOut(string $idToken, $redirect) {
 if($redirect === null){
 $signout_params = ['id_token_hint' => $idToken];
 }
+elseif($this->awsCognitoFlow){
+$signout_params = [
+'id_token_hint' => $idToken,
+'client_id' => $this->clientID,
+'logout_uri' => $redirect];
+}
 else {
 $signout_params = [
 'id_token_hint' => $idToken,
@@ -2022,6 +2033,10 @@ public function setCodeChallengeMethod(string $codeChallengeMethod) {
 $this->codeChallengeMethod = $codeChallengeMethod;
 }
 
+public function setAwsCognitoFlow(bool $awsCognitoFlow) {
+$this->awsCognitoFlow = $awsCognitoFlow;
+}
+
 /**
  * @throws OpenIDConnectClientException
  */
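Review bot: The new `elseif($this->awsCognitoFlow)` branch in signOut() is only reached when `$redirect` is non-null, so a caller that has set `setAwsCognitoFlow(true)` but passes no redirect falls into the `$redirect === null` branch above it and sends `id_token_hint` without `client_id`; if the Cognito logout endpoint needs `client_id` on that path too (the README links the AWS reference), the flag is silently ignored there, so either test `$this->awsCognitoFlow` before the null check or document that the flag only applies with a redirect. The branch also passes `$redirect` straight through as `logout_uri` with no local validation, relying entirely on the provider rejecting values that are not registered for the app client; a comment on the `elseif` such as `// AWS Cognito: client_id + logout_uri replace the parameters sent in the else branch; logout_uri must be a sign-out URL registered on the Cognito app client` would make both the intent and that reliance visible. Minor style: `elseif(` without a space and the array closed on the `'logout_uri'` line differ from PER-CS formatting, although they mirror the existing `else` branch. signOut() begins and ends outside this hunk.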
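Review bot: `setAwsCognitoFlow()` is added without a docblock or return type, while the neighbouring `/** @throws OpenIDConnectClientException */` shows this file documents its public methods. A short docblock stating what the flag changes, e.g. `/** When true, signOut() sends client_id and logout_uri (AWS Cognito logout-endpoint parameters) instead of the default end-session parameters. */`, plus the signature `public function setAwsCognitoFlow(bool $awsCognitoFlow): void {`, would match the rest of the class and let static analysis check callers. The `$awsCognitoFlow` property declared in the earlier hunk could carry the same explanation in its `@var` line rather than the generic "Enable or disable logout parameters".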