adds openid logout to canon-core

Datawheel · Oct 5, 2022 · 17860ed · 17860ed
1 parent 4b18964
commit 17860ed
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 2 deletions.
diff --git a/packages/core/README.md b/packages/core/README.md
@@ -766,6 +766,10 @@ export CANON_OPENID_ID="###############"
 export CANON_OPENID_SECRET="##############################"
 export CANON_OPENID_ROLES="profile,email"
 ```
+3. (Optional) To fully log out of OpenId on Canon Logout, set this variable:
+```sh
+export CANON_OPENID_LOGOUT="https://login.microsoftonline.com/###/oauth2/v2.0/logout"
+```
 
 ---
 

diff --git a/packages/core/src/auth/auth.js b/packages/core/src/auth/auth.js
@@ -51,8 +51,12 @@ module.exports = function (app) {
 
   app.get("/auth/logout", (req, res) => {
     req.logout();
-    //TBD: Force logout for openID? I don't think so. https://github.com/passport/todos-express-auth0/blob/main/routes/auth.js#L43-L50
-    return res.redirect("/");
+    if (req.query.openid === "true" && process.env.CANON_OPENID_LOGOUT) {
+      res.redirect(process.env.CANON_OPENID_LOGOUT)
+    }
+    else {
+      return res.redirect("/");
+    }
   });
 
   app.get("/auth/users", isRole(2), (req, res) => {