[GH-373] Add support for oidc logout parameters (#384)

Co-authored-by: Sergiu Ghitea <[email protected]>

management/client.go

@@ -113,7 +113,11 @@ type Client struct {
 
 	// URLs that are valid to call back from Auth0 for OIDC backchannel logout.
 	// This feature currently must be enabled for your tenant.
+	// Deprecated: use OIDCLogout instead of OIDCBackchannelLogout.
 	OIDCBackchannelLogout *OIDCBackchannelLogout `json:"oidc_backchannel_logout,omitempty"`
+
+	// URLs that are valid to call back from Auth0 for OIDC logout.
+	OIDCLogout *OIDCLogout `json:"oidc_logout,omitempty"`
 }
 
 // ClientJWTConfiguration is used to configure JWT settings for our Client.
@@ -224,10 +228,23 @@ type PrivateKeyJWT struct {
 }
 
 // OIDCBackchannelLogout defines the `oidc_backchannel_logout` settings for the client.
+// Deprecated: use OIDCLogout instead of OIDCBackchannelLogout.
 type OIDCBackchannelLogout struct {
 	BackChannelLogoutURLs *[]string `json:"backchannel_logout_urls,omitempty"`
 }
 
+// OIDCLogout defines the `oidc_logout` settings for the client.
+type OIDCLogout struct {
+	BackChannelLogoutURLs       *[]string                    `json:"backchannel_logout_urls,omitempty"`
+	BackChannelLogoutInitiators *BackChannelLogoutInitiators `json:"backchannel_logout_initiators,omitempty"`
+}
+
+// BackChannelLogoutInitiators defines the setting for OIDC logout initiators for a Client.
+type BackChannelLogoutInitiators struct {
+	Mode               *string   `json:"mode,omitempty"`
+	SelectedInitiators *[]string `json:"selected_initiators,omitempty"`
+}
+
 // ClientAddons defines the `addons` settings for a Client.
 type ClientAddons struct {
 	AWS                  *AWSClientAddon                  `json:"aws,omitempty"`

management/client_test.go

@@ -126,6 +126,37 @@ func TestClient_CreateWithClientAddons(t *testing.T) {
 	})
 }
 
+func TestClient_CreateWithOIDCLogout(t *testing.T) {
+	configureHTTPTestRecordings(t)
+
+	expectedClient := &Client{
+		Name: auth0.Stringf("Test Client OIDC Logout (%s)", time.Now().Format(time.StampMilli)),
+		OIDCLogout: &OIDCLogout{
+			BackChannelLogoutURLs: &[]string{"https://example.com/logout"},
+			BackChannelLogoutInitiators: &BackChannelLogoutInitiators{
+				Mode: auth0.String("custom"),
+				SelectedInitiators: &[]string{
+					"rp-logout",
+					"idp-logout",
+				},
+			},
+		},
+	}
+
+	err := api.Client.Create(context.Background(), expectedClient)
+	assert.NoError(t, err)
+	assert.NotEmpty(t, expectedClient.GetClientID())
+
+	oidcLogout := expectedClient.GetOIDCLogout()
+	assert.Equal(t, oidcLogout.GetBackChannelLogoutURLs(), []string{"https://example.com/logout"})
+	assert.Equal(t, oidcLogout.GetBackChannelLogoutInitiators().GetMode(), "custom")
+	assert.Equal(t, oidcLogout.GetBackChannelLogoutInitiators().GetSelectedInitiators(), []string{"rp-logout", "idp-logout"})
+
+	t.Cleanup(func() {
+		cleanupClient(t, expectedClient.GetClientID())
+	})
+}
+
 func TestJWTConfiguration(t *testing.T) {
 	t.Run("MarshalJSON", func(t *testing.T) {
 		for clientJWTConfiguration, expected := range map[*ClientJWTConfiguration]string{

test/data/recordings/TestClient_CreateWithOIDCLogout.yaml

@@ -0,0 +1,74 @@
+---
+version: 2
+interactions:
+    - id: 0
+      request:
+        proto: HTTP/1.1
+        proto_major: 1
+        proto_minor: 1
+        content_length: 229
+        transfer_encoding: []
+        trailer: {}
+        host: go-auth0-dev.eu.auth0.com
+        remote_addr: ""
+        request_uri: ""
+        body: |
+            {"name":"Test Client OIDC Logout (Apr 12 11:48:47.281)","oidc_logout":{"backchannel_logout_urls":["https://example.com/logout"],"backchannel_logout_initiators":{"mode":"custom","selected_initiators":["rp-logout","idp-logout"]}}}
+        form: {}
+        headers:
+            Content-Type:
+                - application/json
+            User-Agent:
+                - Go-Auth0/1.4.1
+        url: https://go-auth0-dev.eu.auth0.com/api/v2/clients
+        method: POST
+      response:
+        proto: HTTP/2.0
+        proto_major: 2
+        proto_minor: 0
+        transfer_encoding: []
+        trailer: {}
+        content_length: -1
+        uncompressed: false
+        body: '{"name":"Test Client OIDC Logout (Apr 12 11:48:47.281)","client_id":"w83ftZO5tsue8g6q1vsmGKYxdQ9mstVF","client_secret":"[REDACTED]","is_first_party":true,"is_token_endpoint_ip_header_trusted":false,"oidc_conformant":false,"jwt_configuration":{"secret_encoded":false,"lifetime_in_seconds":36000},"signing_keys":[{"cert":"[REDACTED]"}],"sso_disabled":false,"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"custom_login_page_on":true,"refresh_token":{"rotation_type":"non-rotating","expiration_type":"non-expiring","leeway":0,"token_lifetime":2592000,"infinite_token_lifetime":true,"infinite_idle_token_lifetime":true,"idle_token_lifetime":1296000},"oidc_backchannel_logout":{"backchannel_logout_urls":["https://example.com/logout"]},"oidc_logout":{"backchannel_logout_urls":["https://example.com/logout"],"backchannel_logout_initiators":{"mode":"custom","selected_initiators":["rp-logout","idp-logout"]}}}'
+        headers:
+            Content-Type:
+                - application/json; charset=utf-8
+        status: 201 Created
+        code: 201
+        duration: 829.976416ms
+    - id: 1
+      request:
+        proto: HTTP/1.1
+        proto_major: 1
+        proto_minor: 1
+        content_length: 0
+        transfer_encoding: []
+        trailer: {}
+        host: go-auth0-dev.eu.auth0.com
+        remote_addr: ""
+        request_uri: ""
+        body: ""
+        form: {}
+        headers:
+            Content-Type:
+                - application/json
+            User-Agent:
+                - Go-Auth0/1.4.1
+        url: https://go-auth0-dev.eu.auth0.com/api/v2/clients/w83ftZO5tsue8g6q1vsmGKYxdQ9mstVF
+        method: DELETE
+      response:
+        proto: HTTP/2.0
+        proto_major: 2
+        proto_minor: 0
+        transfer_encoding: []
+        trailer: {}
+        content_length: 0
+        uncompressed: false
+        body: ""
+        headers:
+            Content-Type:
+                - application/json; charset=utf-8
+        status: 204 No Content
+        code: 204
+        duration: 196.064625ms