Standard wordpress logout url returns wrong logout url to delete Auth0 session and does not respect return url

[philipdalen]

Reproduction steps

1. Navigate to https://dcg-deutschland.de/ and click on "LOGIN"
2. Enter your credentials and click on "Log In"
3. In the top right corner you will notice the appearance of the "LOGOUT" button. Please note that the logout link is currently set to (https://dcg-deutschland.de/wp-login.php?action=logout&redirect_to=https%3A%2F%2Fdcg-deutschland.de&_wpnonce=77d0344246)
4. Click on "LOGOUT"
5. In the network tab you will notice that the response of the logout url is as follows. "https://login.bcc.no/v2/logout?id_token_hint=TOKEN&post_logout_redirect_uri: https://dcg-deutschland.de". This is incorrect and not according to the Auth0 docs
6. You are redirected to https://bcc.no

Expected behavior

1. Logout url going to Auth0 should be formed according to their documentation here "https://auth0.com/docs/api/authentication#logout"
2. The returnTo query string paramater of the Auth0 logout url should be configurable from Wordpress BCC login plugin and thus re-direct the user to that url after logout

[rvanoord]

@philipdalen Would it be feasible to create a rule which rewrites the post_logut_redirect_uri parameter, or handles the redirect?
This OIDC draft for RP-initiated logout uses the same parameter as currently implemented in the sign-on client:
https://openid.net/specs/openid-connect-rpinitiated-1_0.html

[philipdalen]

@rvanoord sounds like a good option. I will investigate and come back to you