Merged in feat/seamless-logout (pull request #212)

feat(WEB-207): seamless logout v.2

Approved-by: Michael Zetterberg

app/[lang]/(live)/(protected)/logout/route.ts

@@ -13,34 +13,14 @@ export async function GET(
   request: NextRequest,
   context: { params: { lang: Lang } }
 ) {
-  let redirectHeaders: Headers | undefined = undefined
-  let redirectTo: string
+  let redirectTo: string = ""
 
   const returnUrl = request.headers.get("x-returnurl")
 
   if (returnUrl) {
+    // Seamless logout request from Current web
     redirectTo = returnUrl
   } else {
-    // Normal logout request from New web
-    redirectTo =
-      request.cookies.get("redirectTo")?.value || // Cookie gets set by authRequired middleware
-      request.nextUrl.searchParams.get("redirectTo") ||
-      "/"
-
-    // Make relative URL to absolute URL
-    if (redirectTo.startsWith("/")) {
-      if (!env.PUBLIC_URL) {
-        throw internalServerError("No value for env.PUBLIC_URL")
-      }
-      redirectTo = new URL(redirectTo, env.PUBLIC_URL).href
-    }
-    // Clean up cookie from authRequired middleware
-    redirectHeaders = new Headers()
-    redirectHeaders.append(
-      "set-cookie",
-      "redirectTo=; Expires=Thu, 01 Jan 1970 00:00:00 UTC; Path=/; HttpOnly; SameSite=Lax"
-    )
-
     try {
       // Initiate the seamless logout flow
       let redirectUrlValue
@@ -65,7 +45,6 @@ export async function GET(
           break
       }
       const redirectUrl = new URL(redirectUrlValue)
-      redirectUrl.searchParams.set("returnurl", redirectTo)
       redirectTo = redirectUrl.toString()
     } catch (e) {
       console.error(
@@ -74,6 +53,7 @@ export async function GET(
       console.error(e)
     }
   }
+
   try {
     /**
      * Passing `redirect: false` to `signOut` will return a result object
@@ -83,8 +63,6 @@ export async function GET(
     console.log({ logout_NEXTAUTH_URL: process.env.NEXTAUTH_URL })
     console.log({ logout_env: process.env })
 
-    console.log({ logout_redirectTo: redirectTo })
-
     const headers = new Headers(nextHeaders())
     const signOutURL = createActionURL(
       "signout",
@@ -96,15 +74,18 @@ export async function GET(
 
     console.log({ logout_signOutURL: signOutURL })
 
+    // Redirect to Curity logout
+    const curityLogoutUrl = `${env.CURITY_ISSUER_USER}/authn/authenticate/logout?redirect_uri=${encodeURIComponent(redirectTo)}`
+
+    console.log({ logout_redirectTo: curityLogoutUrl })
+
     const redirectUrlObj = await signOut({
-      redirectTo,
+      redirectTo: curityLogoutUrl,
       redirect: false,
     })
 
     if (redirectUrlObj) {
-      return NextResponse.redirect(redirectUrlObj.redirect, {
-        headers: redirectHeaders,
-      })
+      return NextResponse.redirect(redirectUrlObj.redirect)
     }
   } catch (error) {
     if (error instanceof AuthError) {

middlewares/currentWebLogout.ts

@@ -1,7 +1,8 @@
 import { NextResponse } from "next/server"
 
-import { findLang } from "@/constants/languages"
-import { badRequest } from "@/server/errors/next"
+import { findLang, Lang } from "@/constants/languages"
+import { env } from "@/env/server"
+import { badRequest, internalServerError } from "@/server/errors/next"
 
 import type { NextMiddleware } from "next/server"
 
@@ -14,9 +15,20 @@ export const middleware: NextMiddleware = (request) => {
   }
   const lang = findLang(request.nextUrl.pathname)!
 
-  return NextResponse.rewrite(new URL(`/${lang}/logout`, request.nextUrl))
-}
+  if (!env.PUBLIC_URL) {
+    throw internalServerError("No value for env.PUBLIC_URL")
+  }
+  const redirectTo = env.PUBLIC_URL
 
+  const headers = new Headers(request.headers)
+  headers.set("x-returnurl", redirectTo)
+
+  return NextResponse.rewrite(new URL(`/${lang}/logout`, request.nextUrl), {
+    request: {
+      headers,
+    },
+  })
+}
 export const matcher: MiddlewareMatcher = (request) => {
   return request.nextUrl.pathname.endsWith("/updatelogout")
 }