Post Logout Redirect Parameter
Hi there! I am using Next 13.4.19 with "@kinde-oss/kinde-auth-nextjs": "^2.1.10"
I am trying to change the post logout URL for a single page.
I have tried
/api/auth/logout?post_logout_redirect_url=/logout?from=logout but this keept sending me to / which is my default after logout url.
I even tried making it with the logout link
But this also sends me back to /
This is intended or am I experiencing some bug or just made a mistake in the config?
Thanks for your help! π47 Replies
Not that it helps much , but I was also able to reproduce this just now.
I also noticed that on the type definition for
LogoutLink, the postLogoutRedirectURL exists but it's not mentioned anywhere in the SDK docsWas wondering the same. I saw it in the types but it seems it won't do it.
I think I may know why..
Logic for handling register and login redirect URL:
https://github.com/kinde-oss/kinde-auth-nextjs/blob/059547d6b6eb88b808aab04c653a380ecdb30ab3/src/components/RegisterLink.js#L28
Logic for handling logout redirect URL:
https://github.com/kinde-oss/kinde-auth-nextjs/blob/059547d6b6eb88b808aab04c653a380ecdb30ab3/src/components/LogoutLink.js#L19
GitHub
kinde-auth-nextjs/src/components/LogoutLink.js at 059547d6b6eb88b80...
Kinde NextJS SDK - authentication for server rendered apps - kinde-oss/kinde-auth-nextjs
GitHub
kinde-auth-nextjs/src/components/RegisterLink.js at 059547d6b6eb88b...
Kinde NextJS SDK - authentication for server rendered apps - kinde-oss/kinde-auth-nextjs
It's possible this commit may have caused it:
https://github.com/kinde-oss/kinde-auth-nextjs/commit/bab315097096556bc58831c7a7aed7a025303b43
Obviously I haven't tested anything, I can potentially do a build and play around with it tomorrow, see if my theory is correct
Thank you so much!
(Assuming the Kinde guys don't get to it before I do)
Could be fun to contribute a PR though π€·
I might take this old code and replace it in my node_modules and see if it works
Let me know how it goes
It seems that the URL passing is fine as is. I think the handling seems to be more the issue. I have the feeling my app crashes and resets to / after /api/auth/logout is called with params.
I'll see if I get any further but help from the Kinde guys would be much appretiated
wdym by handling?
I can see that it adds the parameter to the url but i havenβt found out where this logic is getting processed so where the actual redirect happens. For me it seems that the issue might be there
Hm weird, I haven't been able to test today yet (at work). If there's no other news by the time I get home I might have a quick look for fun
You had any luck with this at all?
I've been digging through the sdk source code for like an hour and can't find anything
I can see that it's broken, I just can't find how
No unfortunately not.
Im currently following a "hint" that in the SessionManger it only has the post login url as cookie but not the post logout url
https://github.com/kinde-oss/kinde-auth-nextjs/blob/059547d6b6eb88b808aab04c653a380ecdb30ab3/src/session/sessionManager.js#L23
I will check if adding the post logout url will change anything otherwise the kinde guys need to have a view
GitHub
kinde-auth-nextjs/src/session/sessionManager.js at 059547d6b6eb88b8...
Kinde NextJS SDK - authentication for server rendered apps - kinde-oss/kinde-auth-nextjs
Yes I saw that too!
I've added that and it hasn't changed anything for me
yep same for me π¦
I think that's part of the story but not the whole story
yeah guess I'll need to wait for one of the kinde guys to have a look. I'lL might do some more digging but I am kinda stuck rn π Thanks for your help so far tho, much appretiated!
I can see that adding this into the sessionmanager it gets added to the cookies but seems like its not getting used somehow
Yeah I've been trying to see where the login redirect actually picks up the cookie but I'm not finding it unfortunately
actually, I think it may have to do with
src/handlers/callback.js
This is where the post_login_redirect_url is being used to redirect to the specified url, logout doesn't have an equivalentoh yeah, but I am not too sure if you get back to the callback on logout
You don't (and probably shouldn't)
I think this is odd...
/src/authMiddleware/authMiddleware.js line 9
this basically always uses my set default logout url and not the one provided in the URL if I understood it right
Tbh, I don't think this ever worked
Suddenly, it all makes sense @DJKnaeckebrot
π
hahaha lol!
He's testing in prod fr
Oh, he's in the discord server, maybe we can ask him directly
Hi @dc, would you be able to give us a hand with this? We can't seem to get it to work
Little Update:
I have checked the typescipt SDK as this gets referenced:
types.d.ts:
Seems as if for the types the options are missing.
Checking the
src/routerClients/AppRouterClient.js it references the typescript SDK with the this.kindeClient call:
While the src/handlers/logout.js call sets up the authURL by using:
Console logging the authUrl leads to : https://identity.teamsynix.org/logout?redirect=http://localhost:3000/login
while authUrlParams: Object.fromEntries(routerClient.searchParams) returns : {"post_logout_redirect_url":"/login?type=bewerben"}
Tbh I dont rly know if this error is within the typescript SDK or the NextJS SDK..I found that as well
I tried making a type for it in the next.js sdk and nothing happened still unfortunately
It is a tricky issue
@DJKnaeckebrot are we dumb?
well I know I am...
Did you set your url in here?
If this was the issue all along... big facepalm.. @Andre @ Kinde has been watching us all this time laughing
Haha, sadly not the issue in this case, and definitely not dumb!
Thanks for raising this one @Joel @DJKnaeckebrot and sorry it's taken me so long to get to it. I'll just provide some context
There is the
.env variable KINDE_POST_LOGOUT_REDIRECT_URL this typically is the one that you would have mapped in the Kinde admin area in the Allowed logout redirect urls - if it isn't mapped there then it will fall back to a default Kinde log out screen.
There is then the argument to <LogoutLink /> which is post_logout_redirect_url the idea of this one is to be able to provide dynamic logout URLs that differ from the default.
The idea was that this way you could add a single logout url to the allow list (as it could be a headache to add every conceivable url) and then forward the user onwards on return to your application. (This is the same way the post_login_redirect_url argument works for logging in - typically that is used to remember where they were trying to visit).
With the LoginLink argument the param is stored in the NextJS SessionManager - essentially just a cookie which can be accessed when you are redirected back from Kinde.
One approach you could use (I should add a caveat here that I am not a NextJS expert by any means) is having a global logout route (could also be middleware I expect) something like:
.env
^ this should also be added in Allowed logout redirect URLs
/api/logout
The /api/logout is then able to handle any values passed to <LogoutLink post_logout_redirect_url="/some-where-else" />Hey thanks for the detailed response Dave! So if I understand correctly, we are supposed to handle the post login redirect ourselves in this case?
Yeah i set those urls π Was the first thing I checked haha as I initially was landing on the kinde default page so I added all pages and even with the searchParams in the URL π
Thanks for this detailed response!
I'll try to get this implemented and will let you know!
Eitherway I am just wondering if this SDK still should be able to do this without making this "workaround" with the custom logout page? If so I might can try to dig deeper on why it wont pass/use the param π
I had to add the KINDE_SITE_URL as I use a reverse proxy and the provided code was putting localhost:4001 instead of my domain π Otherwise its working now!
For reference if anyone ever needs it I'll leave the code for the
/api/logout/ route
Since its a bit counter-intuitive that this is the case, is it possible for this behaviour to be documented as part of the sdk docs?
+1
Glad you got it working though dj
thanks for your help to both of you!
Eitherway I am just wondering if this SDK still should be able to do this without making this "workaround" with the custom logout page? If so I might can try to dig deeper on why it wont pass/use the param πI did wonder this myself. There are 3 ways of handling the param that I can think of 1. The param override to the
.env variable setting, so it would get passed to Kinde and we redirect straight to it. This would mean the dynamic URL would need to exist in Allowed logout redirect URLs in the admin area
This seems to be both of your expected behaviour. I like that there is no additional code needed but this would mean the behaviour was different to the post_login_redirect_url param which could be confusing. Also could mean a lot of URLs having to be added to the allow list
2. As it is now, the .env variable is used for the initial logout redirect and the param is stored in the Session Manager and can be used in a custom logout page set up by the founder.
I like that this gives flexibility to the dev, possibly just documentation thing, although more setup needed than the above
3. Similar to 2, except we provide an additional api/auth/post-logout handler within the SDK that essentially provides the code snippet above for you. So in theory you can then just add api/auth/post-logout to the Allowed Logout Callback URls - this seems like a nice hybrid solution
Would love to hear your thoughtsI like the 3. solution as it seems to be the best of both worlds π
Hey @Dave - Kinde sorry for the ping.
I have made some changes to the SDK so it adds the /api/auth/postlogout functionallity.
I was just wondering if this looks good to you guys before I open the PR
I added a remove of the sessionItem before the redirect cause otherwise if you only use logout it will keep using that cookie (atleast for me) π
I just saw I might can add another check in the else if for the url not being null tho
Thanks for this @DJKnaeckebrot , best thing to do it open the PR to get eyes on it
How possible is it to use the same callback route that the login callback uses for logout?
ie check whether the user is logging in or logging out and redirect accordingly from the same endpoint
It's definitely possible but I do prefer the separation of concerns. The callback for login contains a fair bit of logic that isn't relevant for logging out
That makes sense, I think either option 2 or 3 makes sense in that case.
Option 3 seems like it would behave most similarly to the login redirection and would probably alleviate the most confusion. Is it useful for the developer to have control over this behaviour @Dave - Kinde? I can't think of many circumstances where custom behaviour would be needed (option 2) but you're obviously more knowledgable than I am here