diff --git a/src/providers/okta.provider.ts b/src/providers/okta.provider.ts
index 97dbed6..a406729 100644
--- a/src/providers/okta.provider.ts
+++ b/src/providers/okta.provider.ts
@@ -698,10 +698,19 @@ export class OktaProvider {
 if (!user) {
 return ctx.throw(401, 'Not logged');
 }
- await OktaService.logoutUser(user);
+ let redirect_uri: string = '/auth/login';
+
+ if (ctx.session.callbackUrl) {
+ logger.info('[OktaProvider] - Url redirect', ctx.session.callbackUrl);
+
+ redirect_uri = ctx.session.callbackUrl;
+ }
+
+ await OktaService.logoutUser(user);
 await ctx.logout();
- ctx.redirect('/auth/login');
+
+ ctx.redirect(redirect_uri.toString());
 }
 static async signUp(ctx: Context): Promise {
diff --git a/test/e2e/okta/okta-oauth-user-logout.spec.ts b/test/e2e/okta/okta-oauth-user-logout.spec.ts
index ef272c3..af590a3 100644
--- a/test/e2e/okta/okta-oauth-user-logout.spec.ts
+++ b/test/e2e/okta/okta-oauth-user-logout.spec.ts
@@ -76,6 +76,30 @@ describe('[OKTA] GET logout current user session', () => {
 response.status.should.equal(200);
 });
+ it('Logging out with callbackUrl should redirect', async () => {
+
+ nock('https://www.wikipedia.org')
+ .get('/')
+ .reply(200, 'ok');
+
+ const user: OktaUser = getMockOktaUser();
+ const token: string = mockValidJWT({
+ id: user.profile.legacyId,
+ email: user.profile.email,
+ role: user.profile.role,
+ extraUserData: { apps: user.profile.apps },
+ });
+ mockOktaListUsers({ limit: 1, search: `(profile.legacyId eq "${user.profile.legacyId}")` }, [user]);
+ mockOktaLogoutUser(user.id);
+
+ const response: request.Response = await requester
+ .get(`/auth/logout?callbackUrl=https://www.wikipedia.org/`)
+ .set('Authorization', `Bearer ${token}`);
+
+ response.should.redirect;
+ response.should.redirectTo('https://www.wikipedia.org/');
+ });
+
 after(async () => {
 await closeTestAgent();
 });
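Review bot: `ctx.session.callbackUrl` is passed to `ctx.redirect` without any validation, and the accompanying test shows it originates from the request's `?callbackUrl=` query, so the post-logout redirect will follow any absolute URL a caller supplies — an open redirect that lets a crafted logout link land an authenticated user on an attacker-chosen site. Only accept the value when it is a same-origin relative path or its origin is on a configured allowlist, and otherwise keep the `/auth/login` default, e.g. `if (ctx.session.callbackUrl && isAllowedCallbackUrl(ctx.session.callbackUrl)) {` with `isAllowedCallbackUrl` as a small helper to add next to the provider. Minor points on the new lines: `redirect_uri` should be `redirectUri` per the file's camelCase convention, the `: string` annotation on a string literal is redundant, and `redirect_uri.toString()` on a `string` is a no-op and can be dropped. The `logger.info` call also writes the full callback URL to the log; if callback URLs can carry query strings, consider logging only its origin and path. The enclosing logout method starts outside the hunk, so where `callbackUrl` is written into the session (and whether it is cleared after use) cannot be confirmed from here.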
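Review bot: The new test pins the behaviour that an arbitrary external `callbackUrl` (`https://www.wikipedia.org/`) is honoured verbatim, which codifies the unvalidated redirect in the provider change rather than guarding against it. Once the provider restricts callback targets, this case should use an allowed origin and a sibling test should assert that a disallowed external URL falls back to `/auth/login`, e.g. `response.should.redirectTo('/auth/login');`. The `nock('https://www.wikipedia.org')` interceptor appears unused, since `redirectTo` only inspects the `Location` header and supertest does not follow redirects by default — presumably it can be removed, but confirm against the requester setup outside this hunk.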