added openid and profile to scope

backend/src/app.js

@@ -106,7 +106,8 @@ utils.getOidcDiscovery().then(discovery => {
     callbackURL: config.get('server:frontend') + '/api/auth/callback',
     scope: discovery.scopes_supported,
     kc_idp_hint: config.get('server:idirIDPHint')
-  }, (_issuer, _sub, profile, accessToken, refreshToken, done) => {
+  }, (_issuer, _sub, profile, accessToken, refreshToken, params, done) => {
+    const idToken = params.id_token;
     if ((typeof (accessToken) === 'undefined') || (accessToken === null) ||
       (typeof (refreshToken) === 'undefined') || (refreshToken === null)) {
       return done('No access token', null);
@@ -116,6 +117,7 @@ utils.getOidcDiscovery().then(discovery => {
     profile.jwtFrontend = auth.generateUiToken();
     profile.jwt = accessToken;
     profile.refreshToken = refreshToken;
+    profile.idToken = idToken;
     return done(null, profile);
   }));
   //JWT strategy is used for authorization

backend/src/routes/auth.js

@@ -41,6 +41,7 @@ router.get(
   "/login",
   passport.authenticate("oidc", {
     failureRedirect: "error",
+    scope: ['openid','profile']
   })
 );
 
@@ -54,34 +55,33 @@ function logout(req) {
 }
 
 //removes tokens and destroys session
-router.get("/logout", async (req, res) => {
-  if (req?.session?.passport?.user) {
-    logout(req);
+router.get("/logout", async (req, res, next) => {
+  let primaryURL = config.get('logoutEndpoint') + '?post_logout_redirect_uri=' + config.get('server:frontend');
+  let idToken = req?.session?.passport?.user?.idToken;
+  if (idToken) {
+    req.logout(function(err) {
+      if (err) {
+        return next(err);
+      }
+      req.session.destroy();
+      let retUrl;
+      if (req.query && req.query.sessionExpired) {
+        retUrl = encodeURIComponent(primaryURL + '/session-expired' + '&id_token_hint=' + idToken);
+      } else {
+        retUrl = encodeURIComponent(primaryURL + '/logout' + '&id_token_hint=' + idToken);
+      }
+      res.redirect(config.get('siteMinder_logout_endpoint') + retUrl);
+    });
+  }else {
     let retUrl;
     if (req.query && req.query.sessionExpired) {
-      retUrl = encodeURIComponent(
-        config.get("logoutEndpoint") +
-          "?post_logout_redirect_uri=" +
-          config.get("server:frontend") +
-          "/session-expired"
-      );
+      console.log("1")
+      retUrl = encodeURIComponent(primaryURL + '/session-expired' + '&client_id=' + config.get('oidc:clientId'));
     } else {
-      retUrl = encodeURIComponent(
-
-        config.get("logoutEndpoint") +
-          "?post_logout_redirect_uri=" +
-          config.get("server:frontend") +
-          "/logout"
-      );
+      console.log("2")
+      retUrl = encodeURIComponent(primaryURL + '/logout' + '&client_id=' + config.get('oidc:clientId'));
     }
-    res.redirect(config.get("siteMinder_logout_endpoint") + retUrl);
-  } else {
-    res.redirect(config.get("server:frontend") + "/logout");
-    // if (req.query && req.query.sessionExpired) {
-    //   res.redirect(config.get("server:frontend") + "/session-expired");
-    // } else {
-    //   res.redirect(config.get("server:frontend") + "/logout");
-    // }
+    res.redirect(config.get('siteMinder_logout_endpoint') + retUrl);
   }
 });