Pass custom callback URL to handleLogout()

[jkjustjoshing]

Describe the problem you'd like to have solved

I'd like to send a query parameter to the logout callback endpoint. For example, the current user's name, so I can put on the callback screen "John Smith has successfully logged out".

Describe the ideal solution

The idea in my mind right now is adding a 3rd parameter to handleLogout() with a custom callback URL. This could then get passed as a 2nd parameter to createLogoutUrl(). postLogoutRedirectUri could be used as a fallback if the dev doesn't manually set it.

Alternatives and current work-arounds

You could set a cookie/localStorage value and then read it after the redirect comes back.

[jkjustjoshing]

I'm happy to submit a PR to make this change, once @sandrinodimattia confirms the idea is a good one.

[sandrinodimattia]

Hij @jkjustjoshing, I would argue that this use case goes beyond the scope of this library. And it goes against the latest BCP:

   Authorization servers SHALL utilize exact matching of client redirect
   URIs against pre-registered URIs.  This measure contributes to the
   prevention of leakage of authorization codes and access tokens
   (depending on the grant type).  It also helps to detect mix-up
   attacks.

So I would suggest storing that message in a cookie or local storage.