Don't require `post_logout_redirect_uri`

[meesvandongen]

Summary

The post_logout_redirect_uri is not required in the openid specification. https://openid.net/specs/openid-connect-rpinitiated-1_0.html#RPLogout ; However, the oauth2-mock-server checks for this anyway.

Desired solution

The post logout redirect uri is not checked.

Alternative solutions

make it configurable somehow.

[meesvandongen]

I was able to work around this by creating a custom endpoint:

const server = new OAuth2Server();
server.service.requestHandler.get(`/connect/endSession`, (req, res) => {
  server.service.emit("customBeforePostLogoutRedirect", req, res);
  res.status(204).end();
});
await server.issuer.keys.add(key);
await server.start(port, "0.0.0.0");

[markbrockhoff]

Hi, I just ran into the exact same issue.

@meesvandongen could you reopen the issue? Even though you found a workaround I still belive this should be fixed within the library.

[markbrockhoff]

Thanks @meesvandongen