Properly URL encoding the sign-out URL.

asgardeo · Nov 5, 2023 · 3b770b3 · 3b770b3
1 parent f8ed951
commit 3b770b3
Showing 1 changed file with 7 additions and 10 deletions.
diff --git a/lib/src/core/authentication-core.ts b/lib/src/core/authentication-core.ts
@@ -556,8 +556,8 @@ export class AuthenticationCore<T> {
                 "No sign-in redirect URL has been found either. "
             );
         }
-
-        let parameter: string = `client_id=${ configData.clientID }`;
+        const queryParams = new URLSearchParams();
+        queryParams.set("post_logout_redirect_uri", callbackURL);
 
         if (configData.sendIdTokenInLogoutRequest) {
             const idToken: string = (await this._dataLayer.getSessionData(userID))?.id_token;
@@ -569,16 +569,13 @@ export class AuthenticationCore<T> {
                     "No ID token could be found. Either the session information is lost or you have not signed in."
                 );
             }
-            parameter = `id_token_hint=${ idToken }`;
+            queryParams.set("id_token_hint", idToken);
+        } else {
+            queryParams.set("client_id", configData.clientID);
         }
 
-        const logoutCallback: string =
-            `${ logoutEndpoint }?` +
-            parameter +
-            `&post_logout_redirect_uri=${ callbackURL }&state=` +
-            SIGN_OUT_SUCCESS_PARAM;
-
-        return logoutCallback;
+        queryParams.set("state", SIGN_OUT_SUCCESS_PARAM);
+        return `${logoutEndpoint}?${queryParams.toString()}`;
     }
 
     public async clearUserSessionData(userID?: string): Promise<void> {