From 79093e1ea593bd9f8fdd5ee8a5194cad7dfdb86b Mon Sep 17 00:00:00 2001
From: Michael Harrison
Date: Tue, 28 Jan 2025 15:38:01 +0000
Subject: [PATCH 1/3] CCM-8434: set logout redirect urls
---
 .gitignore | 1 +
 .../components/app/cognito_user_pool_client.tf | 11 +++++++++++
 .../components/sandbox/cognito_user_pool_client.tf | 4 ++++
 scripts/generate-outputs.ts | 2 +-
 4 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/.gitignore b/.gitignore
index 34228d3f..8ff81588 100644
--- a/.gitignore
+++ b/.gitignore
@@ -74,6 +74,7 @@ amplifyconfiguration*
 .next
 .env
 .idea
+.node-version

 sandbox_tf_outputs.json
 sandbox_cognito_auth_token.json
diff --git a/infrastructure/terraform/components/app/cognito_user_pool_client.tf b/infrastructure/terraform/components/app/cognito_user_pool_client.tf
index 6f25f750..898bf738 100644
--- a/infrastructure/terraform/components/app/cognito_user_pool_client.tf
+++ b/infrastructure/terraform/components/app/cognito_user_pool_client.tf
@@ -13,6 +13,17 @@ resource "aws_cognito_user_pool_client" "main" {
 ] : []
 ])

+ logout_urls = flatten([
+ var.cognito_user_pool_additional_callback_urls,
+ [
+ "https://${var.environment}.${local.acct.dns_zone["name"]}/auth/",
+ "https://${aws_amplify_app.main.default_domain}/auth/"
+ ],
+ var.cognito_user_pool_use_environment_specific_gateway_callback_url ? [
+ "https://${var.environment}.${var.cognito_user_pool_environment_specific_gateway_callback_url_suffix}"
+ ] : []
+ ])
+
 supported_identity_providers = flatten(
 concat(local.cognito_idp, local.cis2_idp)
 )
diff --git a/infrastructure/terraform/components/sandbox/cognito_user_pool_client.tf b/infrastructure/terraform/components/sandbox/cognito_user_pool_client.tf
index 47512959..8538b803 100644
--- a/infrastructure/terraform/components/sandbox/cognito_user_pool_client.tf
+++ b/infrastructure/terraform/components/sandbox/cognito_user_pool_client.tf
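Review bot: In the app client's new `logout_urls`, the sign-out allowlist is built from `var.cognito_user_pool_additional_callback_urls` and the environment-specific gateway callback URL, so every URL registered for sign-in also becomes an accepted post-logout redirect. The two allowlists serve different flows, and the sign-out one is best limited to the pages a user should land on after logout. Whether the gateway URL is a real sign-out destination is not visible from this hunk; if it is not, drop that branch and take extra logout URLs from a separate variable (for example a new `cognito_user_pool_additional_logout_urls`) instead of reusing the callback one. If the mirroring is deliberate, record it above the attribute, e.g. `# Sign-out redirects deliberately mirror callback_urls; Cognito matches these exactly`. The resource block starts and ends outside the hunk.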
@@ -6,6 +6,10 @@ resource "aws_cognito_user_pool_client" "main" {
 "http://localhost:3000/auth/"
 ]

+ logout_urls = [
+ "http://localhost:3000/auth/"
+ ]
+
 allowed_oauth_flows_user_pool_client = true
 allowed_oauth_flows = ["code"]
 allowed_oauth_scopes = [
diff --git a/scripts/generate-outputs.ts b/scripts/generate-outputs.ts
index 57222d8b..3377f31b 100644
--- a/scripts/generate-outputs.ts
+++ b/scripts/generate-outputs.ts
@@ -43,7 +43,7 @@ const amplifyOutputs = {
 domain: cognitoDomain,
 scopes: ['email', 'openid'],
 redirect_sign_in_uri: [redirectDomain],
- redirect_sign_out_uri: [],
+ redirect_sign_out_uri: [redirectDomain],
 response_type: 'code',
 },
 },
From 82277a56696014760dc05b6baa85ed63e2854468 Mon Sep 17 00:00:00 2001
From: Michael Harrison
Date: Tue, 28 Jan 2025 16:19:01 +0000
Subject: [PATCH 2/3] CCM-8434: remove sandbox client secret
---
 .../terraform/components/sandbox/cognito_user_pool_client.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/infrastructure/terraform/components/sandbox/cognito_user_pool_client.tf b/infrastructure/terraform/components/sandbox/cognito_user_pool_client.tf
index 8538b803..fa71a9c6 100644
--- a/infrastructure/terraform/components/sandbox/cognito_user_pool_client.tf
+++ b/infrastructure/terraform/components/sandbox/cognito_user_pool_client.tf
@@ -25,5 +25,5 @@ resource "aws_cognito_user_pool_client" "main" {
 "ALLOW_USER_SRP_AUTH"
 ]

- generate_secret = true
+ generate_secret = false
 }
From 252f94105d821e9c8a9f964853df7911efc9cfba Mon Sep 17 00:00:00 2001
From: Michael Harrison
Date: Fri, 31 Jan 2025 16:55:24 +0000
Subject: [PATCH 3/3] CCM-8434: remove trailing slashes from callback urls
---
 .../terraform/components/app/cognito_user_pool_client.tf | 8 ++++----
 .../components/sandbox/cognito_user_pool_client.tf | 4 ++--
 infrastructure/terraform/components/sandbox/outputs.tf | 2 +-
 3 files changed, 7 insertions(+), 7 deletions(-)
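Review bot: `redirect_sign_out_uri: [redirectDomain]` in `scripts/generate-outputs.ts` only works while `redirectDomain` is character-for-character one of the client's registered `logout_urls`, and nothing at this line says so. Cognito refuses a sign-out redirect that is not on the allowlist, so a comment such as `// must exactly match an entry in the Cognito client's logout_urls (and callback_urls for sign-in)` would save the next editor a failed logout. The identifier also reads as a host name while the value presumably carries a full URL with a path; a rename is beyond this hunk but worth tracking. The `amplifyOutputs` object starts and ends outside the hunk.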
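Review bot: Setting `generate_secret = false` turns the sandbox client into a public client, and the hunk records neither the reason nor the control that replaces the secret. With `allowed_oauth_flows = ["code"]` (visible in the earlier sandbox hunk), a secret-less client depends on PKCE to protect the authorization code. It is worth confirming that the front end sends a code challenge and stating the intent beside the setting, e.g. `# Public browser client: a secret cannot be kept client-side; the code flow relies on PKCE`. As far as I know the AWS provider replaces the client when this argument changes, which would issue a new client ID, so the commit description should tell developers to regenerate their sandbox outputs. Whether the app component's client is configured the same way is not visible here.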
diff --git a/infrastructure/terraform/components/app/cognito_user_pool_client.tf b/infrastructure/terraform/components/app/cognito_user_pool_client.tf
index 60aab790..3542c4eb 100644
--- a/infrastructure/terraform/components/app/cognito_user_pool_client.tf
+++ b/infrastructure/terraform/components/app/cognito_user_pool_client.tf
@@ -7,8 +7,8 @@ resource "aws_cognito_user_pool_client" "main" {
 callback_urls = flatten([
 var.cognito_user_pool_additional_callback_urls,
 [
- "https://${var.environment}.${local.acct.dns_zone["name"]}/auth/",
- "https://${aws_amplify_app.main.default_domain}/auth/"
+ "https://${var.environment}.${local.acct.dns_zone["name"]}/auth",
+ "https://${aws_amplify_app.main.default_domain}/auth"
 ],
 var.cognito_user_pool_use_environment_specific_gateway_callback_url ? [
 "https://${var.environment}.${var.cognito_user_pool_environment_specific_gateway_callback_url_suffix}"
@@ -18,8 +18,8 @@ resource "aws_cognito_user_pool_client" "main" {
 logout_urls = flatten([
 var.cognito_user_pool_additional_callback_urls,
 [
- "https://${var.environment}.${local.acct.dns_zone["name"]}/auth/",
- "https://${aws_amplify_app.main.default_domain}/auth/"
+ "https://${var.environment}.${local.acct.dns_zone["name"]}/auth",
+ "https://${aws_amplify_app.main.default_domain}/auth"
 ],
 var.cognito_user_pool_use_environment_specific_gateway_callback_url ? [
 "https://${var.environment}.${var.cognito_user_pool_environment_specific_gateway_callback_url_suffix}"
diff --git a/infrastructure/terraform/components/sandbox/cognito_user_pool_client.tf b/infrastructure/terraform/components/sandbox/cognito_user_pool_client.tf
index fa71a9c6..ca2fa294 100644
--- a/infrastructure/terraform/components/sandbox/cognito_user_pool_client.tf
+++ b/infrastructure/terraform/components/sandbox/cognito_user_pool_client.tf
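Review bot: The `/auth` literals have to be edited in lockstep in `callback_urls` and `logout_urls` here, and again in the sandbox client and the `redirect_domain` output later in this patch, because the same URLs are written out separately in each place. Cognito compares redirect URIs exactly, so a missed copy shows up as a redirect-mismatch error at sign-in or sign-out rather than as a plan failure. Defining the pair once, for example `locals { auth_redirect_urls = [ ... ] }`, and referencing it from both attributes would remove that risk. The `redirect_uri` the web app sends must now be the slash-less form as well, which this patch shows only for the sandbox output. Both hunks sit inside a resource block that starts and ends outside them.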
@@ -3,11 +3,11 @@ resource "aws_cognito_user_pool_client" "main" {
 user_pool_id = aws_cognito_user_pool.main.id

 callback_urls = [
- "http://localhost:3000/auth/"
+ "http://localhost:3000/auth"
 ]

 logout_urls = [
- "http://localhost:3000/auth/"
+ "http://localhost:3000/auth"
 ]

 allowed_oauth_flows_user_pool_client = true
diff --git a/infrastructure/terraform/components/sandbox/outputs.tf b/infrastructure/terraform/components/sandbox/outputs.tf
index 9fbe0f38..1139cdcf 100644
--- a/infrastructure/terraform/components/sandbox/outputs.tf
+++ b/infrastructure/terraform/components/sandbox/outputs.tf
@@ -11,7 +11,7 @@ output "cognito_domain" {
 }

 output "redirect_domain" {
- value = "http://localhost:3000/auth/"
+ value = "http://localhost:3000/auth"
 }

 output "cis2_provider_name" {
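Review bot: The `redirect_domain` output in `sandbox/outputs.tf` holds a full URL with scheme, port and path rather than a domain, and it carries no description even though its exact spelling now matters. It appears to feed both the sign-in and sign-out redirect in `scripts/generate-outputs.ts`, so any value that differs from the client's `callback_urls` and `logout_urls` breaks both flows. I would add `description = "Full redirect URL registered with Cognito for sign-in and sign-out; must match callback_urls and logout_urls exactly"` to the block. The plain-`http` localhost value is appropriate only for this sandbox component and should not be copied into the app component.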