feat: store redirect URL before logout

BREAKING CHANGE: This removes the need for the `OIDCEndSessionRouteMixin`. It can simply be replaced by the ESA native call of `session.invalidate()`

This enables the user to store the source URL after logging out. The user will then be redirected to that source after the next login.

README.md

@@ -42,18 +42,6 @@ import OIDCAuthenticationRouteMixin from "ember-simple-auth-oidc/mixins/oidc-aut
 export default Route.extend(OIDCAuthenticationRouteMixin, {});
 ```
 
-The `oidc-end-session-route-mixin` must cover the logout / end session route
-(for example `/logout`).
-
-```js
-// app/routes/logout.js
-
-import Route from "@ember/routing/route";
-import OIDCEndSessionRouteMixin from "ember-simple-auth-oidc/mixins/oidc-end-session-route-mixin";
-
-export default Route.extend(OIDCEndSessionRouteMixin, {});
-```
-
 To include authorization info in all Ember Data requests add the `oidc-adapter-mixin`
 into the application adapter.
 

addon/mixins/oidc-application-route-mixin.js

@@ -1,7 +1,15 @@
 import Mixin from "@ember/object/mixin";
+import { inject as service } from "@ember/service";
+import config from "ember-simple-auth-oidc/config";
+import getAbsoluteUrl from "ember-simple-auth-oidc/utils/absoluteUrl";
 import ApplicationRouteMixin from "ember-simple-auth/mixins/application-route-mixin";
 
+const { host, endSessionEndpoint, afterLogoutUri } = config;
+
 export default Mixin.create(ApplicationRouteMixin, {
+  session: service(),
+  router: service(),
+
   /**
    * This method is called after a successful authentication and continues an
    * intercepted transition if a URL is stored in `continueTransition` in the
@@ -22,14 +30,33 @@ export default Mixin.create(ApplicationRouteMixin, {
     }
   },
 
+  _redirectToUrl(url) {
+    location.replace(url);
+  },
+
   sessionInvalidated() {
-    /**
-     * Overwrite the standard behavior of the
-     * sessionInvalidated event, which is redirecting
-     * to the rootUrl of the app. Since the OIDC addon
-     * redirects to the end-session endpoint after
-     * invalidating, this event should do nothing
-     * (or at least no redirecting!).
-     */
+    if (!endSessionEndpoint) {
+      return;
+    }
+
+    const params = [];
+
+    this.session.set(
+      "data.continueTransition",
+      location.href.replace(location.origin, "")
+    );
+
+    if (afterLogoutUri) {
+      params.push(`post_logout_redirect_uri=${getAbsoluteUrl(afterLogoutUri)}`);
+    }
+
+    const idToken = this.session.get("data.authenticated.id_token");
+    if (idToken) {
+      params.push(`id_token_hint=${idToken}`);
+    }
+
+    return this._redirectToUrl(
+      `${getAbsoluteUrl(host)}${endSessionEndpoint}?${params.join("&")}`
+    );
   }
 });

tests/dummy/app/controllers/application.js

@@ -1,6 +1,12 @@
 import Controller from "@ember/controller";
+import { action } from "@ember/object";
 import { inject as service } from "@ember/service";
 
-export default Controller.extend({
-  session: service()
-});
+export default class ApplicationController extends Controller {
+  @service session;
+
+  @action
+  logout() {
+    this.session.invalidate();
+  }
+}

tests/dummy/app/router.js

@@ -10,7 +10,6 @@ export default class Router extends EmberRouter {
 // eslint-disable-next-line array-callback-return
 Router.map(function() {
   this.route("login");
-  this.route("logout");
   this.route("protected", function() {
     this.route("profile");
   });

tests/dummy/app/templates/application.hbs

@@ -1,7 +1,7 @@
 <LinkTo @route="index">Index</LinkTo>
 <LinkTo @route="protected">Protected</LinkTo>
 {{#if this.session.isAuthenticated}}
-  <LinkTo @route="logout">Logout</LinkTo>
+  <a href="#" {{on "click" this.logout}}>Logout</a>
 {{else}}
   <LinkTo @route="login">Login</LinkTo>
 {{/if}}

tests/unit/mixins/oidc-application-route-mixin-test.js

@@ -1,8 +1,11 @@
 import EmberObject from "@ember/object";
+import config from "ember-get-config";
 import { setupTest } from "ember-qunit";
 import OidcApplicationRouteMixin from "ember-simple-auth-oidc/mixins/oidc-application-route-mixin";
 import { module, test } from "qunit";
 
+const { endSessionEndpoint, afterLogoutUri } = config["ember-simple-auth-oidc"];
+
 module("Unit | Mixin | oidc-application-route-mixin", function(hooks) {
   setupTest(hooks);
 
@@ -23,4 +26,31 @@ module("Unit | Mixin | oidc-application-route-mixin", function(hooks) {
 
     subject.sessionAuthenticated();
   });
+
+  test("it can make an invalidate request", function(assert) {
+    assert.expect(4);
+
+    const Route = EmberObject.extend(OidcApplicationRouteMixin);
+
+    const subject = Route.create({
+      session: EmberObject.create({
+        data: { authenticated: { id_token: "myIdToken" } },
+        on() {}
+      }),
+      _redirectToUrl(url) {
+        assert.ok(new RegExp(endSessionEndpoint).test(url));
+        assert.ok(
+          new RegExp(`post_logout_redirect_uri=${afterLogoutUri}`).test(url)
+        );
+        assert.ok(new RegExp("id_token_hint=myIdToken").test(url));
+      }
+    });
+
+    subject.sessionInvalidated(null, { queryParams: {} });
+
+    assert.equal(
+      subject.get("session.data.continueTransition"),
+      location.href.replace(location.origin, "")
+    );
+  });
 });