Skip to content

feature: add flag omitIdTokenHintOnLogout in OIDC config #3711

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
strehle wants to merge 4 commits into
base: develop
Choose a base branch
from
Open

feature: add flag omitIdTokenHintOnLogout in OIDC config #3711

strehle wants to merge 4 commits into from
+101 −1

Conversation

@strehle
Copy link
Member

@strehle strehle commented Dec 30, 2025

feature: add flag omitIdTokenHintOnLogout in OIDC config

Omit id_token_hint if omitIdTokenHintOnLogout: true Default is false and adds the id_token_hint during logout

@strehle
feature: add flag omitIdTokenHintOnLogout in OIDC config
4921c05 
Omit id_token_hint if omitIdTokenHintOnLogout: true
Default is false and adds the id_token_hint during logout
@strehle strehle linked an issue Dec 30, 2025 that may be closed by this pull request
Feature Request - Flag to disable id_token_hint in logout response #3710
Open
@strehle strehle requested review from Copilot and duanemay December 30, 2025 16:51
@strehle strehle linked an issue Dec 30, 2025 that may be closed by this pull request
Support id_token_hint external oidc logout #3037
Closed
@strehle strehle added the feature proposal Propose a feature label Dec 30, 2025
Copilot AI reviewed Dec 30, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds a new configuration flag omitIdTokenHintOnLogout to OIDC identity provider settings, allowing users to control whether the id_token_hint parameter is included when performing RP-Initiated Logout at external OIDC providers. By default, the hint is included (false), but can be omitted by setting this flag to true.

Key changes:

  • Added omitIdTokenHintOnLogout Boolean field to OIDCIdentityProviderDefinition with proper getter/setter, equals, hashCode, and toString implementations
  • Updated logout URL construction logic in ExternalOAuthLogoutSuccessHandler to conditionally omit the id_token_hint parameter based on the new flag
  • Added deserialization support in OauthIDPWrapperFactoryBean to load the configuration from identity provider definitions

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
model/src/main/java/org/cloudfoundry/identity/uaa/provider/OIDCIdentityProviderDefinition.java Adds the new omitIdTokenHintOnLogout Boolean field with complete implementation including getter/setter, equals, hashCode, and toString methods
server/src/main/java/org/cloudfoundry/identity/uaa/provider/oauth/ExternalOAuthLogoutSuccessHandler.java Updates logout URL construction to conditionally omit id_token_hint when the new flag is true
server/src/main/java/org/cloudfoundry/identity/uaa/provider/oauth/OauthIDPWrapperFactoryBean.java Adds deserialization logic to read omitIdTokenHintOnLogout from provider configuration maps
server/src/test/java/org/cloudfoundry/identity/uaa/provider/oauth/ExternalOAuthLogoutSuccessHandlerTest.java Adds test case verifying that id_token_hint is omitted when the flag is set to true
model/src/test/java/org/cloudfoundry/identity/uaa/provider/OIDCIdentityProviderDefinitionTests.java Updates equality test to include the new field
uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointDocs.java Documents the new configuration parameter for API documentation

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@strehle strehle moved this to Pending Merge | Prioritized in Foundational Infrastructure Working Group Dec 30, 2025
@strehle
Update server/src/main/java/org/cloudfoundry/identity/uaa/provider/oa…
ad3260d 
…uth/ExternalOAuthLogoutSuccessHandler.java


ok, good to know

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@strehle strehle requested a review from Copilot December 30, 2025 17:02
Copilot AI reviewed Dec 30, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated 3 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@strehle
let copilot fix itself and generate tests.
3e69a69 
it is scary, but the inital code was generated by copilot, then review done
and improved, but all from copilot
@strehle strehle requested a review from Copilot December 30, 2025 17:30
Copilot AI reviewed Dec 30, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@strehle strehle requested a review from Copilot December 30, 2025 17:39
Copilot AI reviewed Dec 30, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@strehle strehle requested a review from Copilot December 30, 2025 18:18
Copilot AI reviewed Dec 30, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@strehle strehle requested a review from Copilot December 31, 2025 08:52
Copilot AI reviewed Dec 31, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@strehle strehle requested a review from Copilot December 31, 2025 09:21
Copilot AI reviewed Dec 31, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@duanemay duanemay Awaiting requested review from duanemay

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

feature proposal Propose a feature

Projects

Foundational Infrastructure Working Group
Status: Pending Merge | Prioritized

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Feature Request - Flag to disable id_token_hint in logout response Support id_token_hint external oidc logout

1 participant

@strehle