
Handle OAuth logout when end_session_endpoint is missing #33610

Open
hitesh358-str wants to merge 1 commit into jhipster:main from hitesh358-str:fix/oauth-logout-missing-end-session-endpoint


@hitesh358-str

Summary

Prevent NullPointerException during OAuth logout when the provider metadata does not expose end_session_endpoint.

Root Cause

Generated logout resources assume end_session_endpoint is always present and call:

clientRegistration.getProviderDetails()
    .getConfigurationMetadata()
    .get("end_session_endpoint")
    .toString();

When the metadata entry is absent, logout fails with a NullPointerException.

Changes

  • Added null checks around end_session_endpoint lookup
  • Preserved existing RP-initiated logout behavior
  • Added fallback to local logout when provider logout metadata is unavailable
  • Added test coverage for missing metadata scenario

Testing

  • Existing logout behavior remains unchanged when end_session_endpoint exists
  • Added tests verifying successful logout when metadata is missing
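
An added example (not the code from this pull request) of the null-safe lookup and local-logout fallback described above, written in plain Java without Spring. The class and method names are hypothetical, the metadata maps and token are constructed, and the endpoint is assumed to carry no query string of its own.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Map;
import java.util.Optional;

public class LogoutUrlExample {

    // Null-safe lookup: a null map, an absent key, a null value and a blank
    // string are all treated as "the provider offers no logout endpoint".
    static Optional<String> endSessionEndpoint(Map<String, Object> metadata) {
        return Optional.ofNullable(metadata)
            .map(m -> m.get("end_session_endpoint"))
            .map(Object::toString)
            .filter(s -> !s.isBlank());
    }

    // Returns the RP-initiated logout URL, or empty when only a local logout
    // is possible. Parameter names follow OIDC RP-Initiated Logout.
    static Optional<String> providerLogoutUrl(Map<String, Object> metadata,
                                              String idToken, String redirectUri) {
        return endSessionEndpoint(metadata).map(endpoint ->
            endpoint
                + "?id_token_hint=" + URLEncoder.encode(idToken, StandardCharsets.UTF_8)
                + "&post_logout_redirect_uri="
                + URLEncoder.encode(redirectUri, StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed sample metadata, not taken from a real provider.
        Map<String, Object> withEndpoint = Map.of(
            "issuer", "https://idp.example.test",
            "end_session_endpoint", "https://idp.example.test/logout");
        Map<String, Object> withoutEndpoint = Map.of("issuer", "https://idp.example.test");

        for (Map<String, Object> metadata : List.of(withEndpoint, withoutEndpoint)) {
            // A real logout resource would invalidate the local session here,
            // in both cases, before answering the client.
            String outcome = providerLogoutUrl(metadata, "constructed.id.token",
                                               "https://app.example.test/")
                .map(url -> "redirect browser to " + url)
                .orElse("local logout only, no provider redirect");
            System.out.println(outcome);
        }
    }
}
```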
