src/providers/okta.provider.ts

-Original file line number
+Diff line change
@@ Expand Up / @@ -698,10 +698,19 @@ export class OktaProvider { @@
             if (!user) {
                 return ctx.throw(401, 'Not logged');
             }
-            await OktaService.logoutUser(user);
+            let redirect_uri: string = '/auth/login';
+            if (ctx.session.callbackUrl) {
+              logger.info('[OktaProvider] - Url redirect', ctx.session.callbackUrl);
+              redirect_uri = ctx.session.callbackUrl;
+            }
+            await OktaService.logoutUser(user);
             await ctx.logout();
-            ctx.redirect('/auth/login');
+            ctx.redirect(redirect_uri.toString());
         }
         static async signUp(ctx: Context): Promise<void> {
@@ Expand Down @@

test/e2e/okta/okta-oauth-user-logout.spec.ts

-Original file line number
+Diff line change
@@ Expand Up / @@ -76,6 +76,30 @@ describe('[OKTA] GET logout current user session', () => { @@
             response.status.should.equal(200);
         });
+        it('Logging out with callbackUrl should redirect', async () => {
+            nock('https://www.wikipedia.org')
+                .get('/')
+                .reply(200, 'ok');
+            const user: OktaUser = getMockOktaUser();
+            const token: string = mockValidJWT({
+                id: user.profile.legacyId,
+                email: user.profile.email,
+                role: user.profile.role,
+                extraUserData: { apps: user.profile.apps },
+            });
+            mockOktaListUsers({ limit: 1, search: `(profile.legacyId eq "${user.profile.legacyId}")` }, [user]);
+            mockOktaLogoutUser(user.id);
+            const response: request.Response = await requester
+              .get(`/auth/logout?callbackUrl=https://www.wikipedia.org/`)
+              .set('Authorization', `Bearer ${token}`);
+            response.should.redirect;
+            response.should.redirectTo('https://www.wikipedia.org/');
+        });
         after(async () => {
             await closeTestAgent();
         });
@@ Expand Down @@

Adds redirect functionality to logout. #60

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged

tanderegg merged 1 commit into staging from fix_logout

Sep 16, 2025

-Original file line number
+Diff line change
@@ Expand Up / @@ -698,10 +698,19 @@ export class OktaProvider { @@
             if (!user) {
                 return ctx.throw(401, 'Not logged');
             }
-            await OktaService.logoutUser(user);
+            let redirect_uri: string = '/auth/login';
+            if (ctx.session.callbackUrl) {
+              logger.info('[OktaProvider] - Url redirect', ctx.session.callbackUrl);
+              redirect_uri = ctx.session.callbackUrl;
+            }
+            await OktaService.logoutUser(user);
             await ctx.logout();
-            ctx.redirect('/auth/login');
+            ctx.redirect(redirect_uri.toString());
         }
         static async signUp(ctx: Context): Promise<void> {
@@ Expand Down @@

-Original file line number
+Diff line change
@@ Expand Up / @@ -76,6 +76,30 @@ describe('[OKTA] GET logout current user session', () => { @@
             response.status.should.equal(200);
         });
+        it('Logging out with callbackUrl should redirect', async () => {
+            nock('https://www.wikipedia.org')
+                .get('/')
+                .reply(200, 'ok');
+            const user: OktaUser = getMockOktaUser();
+            const token: string = mockValidJWT({
+                id: user.profile.legacyId,
+                email: user.profile.email,
+                role: user.profile.role,
+                extraUserData: { apps: user.profile.apps },
+            });
+            mockOktaListUsers({ limit: 1, search: `(profile.legacyId eq "${user.profile.legacyId}")` }, [user]);
+            mockOktaLogoutUser(user.id);
+            const response: request.Response = await requester
+              .get(`/auth/logout?callbackUrl=https://www.wikipedia.org/`)
+              .set('Authorization', `Bearer ${token}`);
+            response.should.redirect;
+            response.should.redirectTo('https://www.wikipedia.org/');
+        });
         after(async () => {
             await closeTestAgent();
         });
@@ Expand Down @@

Provide feedback