mirror of
https://github.com/pocket-id/pocket-id.git
synced 2026-07-16 05:54:01 +03:00
post_logout_redirect_uri not working in end-session endpoint #604
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @ai480 on GitHub (Jan 12, 2026).
Description
The
post_logout_redirect_uriparameter in the OIDC end-session endpoint doesn't redirect the user back to the specified URI after logout.Steps to Reproduce
https://auth.example.com/api/oidc/end-session?post_logout_redirect_uri=https://app.example.comExpected Behavior
After confirming logout, the user should be redirected to
https://app.example.com(thepost_logout_redirect_uri).Actual Behavior
After confirming logout, the user is redirected to
https://auth.example.com/login?redirect=%2Finstead of the specified redirect URI.Additional Context
end_session_endpointis correctly advertised in/.well-known/openid-configurationEnvironment
Suggested Solution
The end-session endpoint should:
post_logout_redirect_uriparameter