feat(passport): logout endpoint for game sdks (#2674)

Author: nattb8

packages/passport/sdk/src/Passport.ts

@@ -323,7 +323,7 @@ export class Passport {
    * Returns the logout URL for the current user.
    * @returns {Promise<string>} The logout URL
    */
-  public async getLogoutUrl(): Promise<string> {
+  public async getLogoutUrl(): Promise<string | null> {
     return withMetricsAsync(async () => {
       await this.authManager.removeUser();
       await this.magicAdapter.logout();

packages/passport/sdk/src/authManager.test.ts

@@ -24,6 +24,7 @@ const clientId = '11111';
 const redirectUri = 'https://test.com';
 const popupRedirectUri = `${redirectUri}-popup`;
 const logoutEndpoint = '/v2/logout';
+const crossSdkBridgeLogoutEndpoint = '/im-logged-out';
 const logoutRedirectUri = `${redirectUri}logout/callback`;
 
 const getConfig = (values?: Partial<PassportModuleConfiguration>) => new PassportConfiguration({
@@ -108,7 +109,7 @@ describe('AuthManager', () => {
     mockOverlayAppend = jest.fn();
     mockOverlayRemove = jest.fn();
     mockRevokeTokens = jest.fn();
-    (UserManager as jest.Mock).mockReturnValue({
+    (UserManager as jest.Mock).mockImplementation((config) => ({
       signinPopup: mockSigninPopup,
       signinCallback: mockSigninCallback,
       signinRedirectCallback: mockSigninRedirectCallback,
@@ -118,7 +119,12 @@ describe('AuthManager', () => {
       signinSilent: mockSigninSilent,
       storeUser: mockStoreUser,
       revokeTokens: mockRevokeTokens,
-    });
+      settings: {
+        metadata: {
+          end_session_endpoint: config.metadata?.end_session_endpoint,
+        },
+      },
+    }));
     (Overlay as jest.Mock).mockReturnValue({
       append: mockOverlayAppend,
       remove: mockOverlayRemove,
@@ -718,7 +724,9 @@ describe('AuthManager', () => {
 
           const am = new AuthManager(getConfig({ logoutRedirectUri }));
           const result = await am.getLogoutUrl();
-          const uri = new URL(result);
+
+          expect(result).not.toBeNull();
+          const uri = new URL(result!);
 
           expect(uri.hostname).toEqual(authenticationDomain);
           expect(uri.pathname).toEqual(logoutEndpoint);
@@ -733,13 +741,43 @@ describe('AuthManager', () => {
 
           const am = new AuthManager(getConfig());
           const result = await am.getLogoutUrl();
-          const uri = new URL(result);
+
+          expect(result).not.toBeNull();
+          const uri = new URL(result!);
 
           expect(uri.hostname).toEqual(authenticationDomain);
           expect(uri.pathname).toEqual(logoutEndpoint);
           expect(uri.searchParams.get('client_id')).toEqual(clientId);
         });
       });
+
+      describe('when crossSdkBridgeEnabled is true', () => {
+        it('should use the bridge logout endpoint path', async () => {
+          mockGetUser.mockReturnValue(mockOidcUser);
+
+          const am = new AuthManager(getConfig({ crossSdkBridgeEnabled: true, logoutRedirectUri }));
+          const result = await am.getLogoutUrl();
+
+          expect(result).not.toBeNull();
+          const uri = new URL(result!);
+
+          expect(uri.hostname).toEqual(authenticationDomain);
+          expect(uri.pathname).toEqual(crossSdkBridgeLogoutEndpoint);
+          expect(uri.searchParams.get('client_id')).toEqual(clientId);
+          expect(uri.searchParams.get('returnTo')).toEqual(logoutRedirectUri);
+        });
+      });
+    });
+
+    describe('when end_session_endpoint is not available', () => {
+      it('should return null', async () => {
+        const am = new AuthManager(getConfig());
+        // eslint-disable-next-line @typescript-eslint/dot-notation
+        am['userManager'].settings.metadata!.end_session_endpoint = undefined;
+
+        const result = await am.getLogoutUrl();
+        expect(result).toBeNull();
+      });
     });
   });
 

packages/passport/sdk/src/authManager.ts

@@ -38,8 +38,13 @@ const formUrlEncodedHeader = {
 };
 
 const logoutEndpoint = '/v2/logout';
+const crossSdkBridgeLogoutEndpoint = '/im-logged-out';
 const authorizeEndpoint = '/authorize';
 
+const getLogoutEndpointPath = (crossSdkBridgeEnabled: boolean): string => (
+  crossSdkBridgeEnabled ? crossSdkBridgeLogoutEndpoint : logoutEndpoint
+);
+
 const getAuthConfiguration = (config: PassportConfiguration): UserManagerSettings => {
   const { authenticationDomain, oidcConfiguration } = config;
 
@@ -53,7 +58,7 @@ const getAuthConfiguration = (config: PassportConfiguration): UserManagerSetting
   }
   const userStore = new WebStorageStateStore({ store });
 
-  const endSessionEndpoint = new URL(logoutEndpoint, authenticationDomain.replace(/^(?:https?:\/\/)?(.*)/, 'https://$1'));
+  const endSessionEndpoint = new URL(getLogoutEndpointPath(config.crossSdkBridgeEnabled), authenticationDomain.replace(/^(?:https?:\/\/)?(.*)/, 'https://$1'));
   endSessionEndpoint.searchParams.set('client_id', oidcConfiguration.clientId);
   if (oidcConfiguration.logoutRedirectUri) {
     endSessionEndpoint.searchParams.set('returnTo', oidcConfiguration.logoutRedirectUri);
@@ -368,15 +373,15 @@ export default class AuthManager {
     return this.userManager.removeUser();
   }
 
-  public async getLogoutUrl(): Promise<string> {
-    const { authenticationDomain, oidcConfiguration } = this.config;
-
-    const endSessionEndpoint = new URL(logoutEndpoint, authenticationDomain);
-    endSessionEndpoint.searchParams.set('client_id', oidcConfiguration.clientId);
+  public async getLogoutUrl(): Promise<string | null> {
+    const endSessionEndpoint = this.userManager.settings?.metadata?.end_session_endpoint;
 
-    if (oidcConfiguration.logoutRedirectUri) endSessionEndpoint.searchParams.set('returnTo', oidcConfiguration.logoutRedirectUri);
+    if (!endSessionEndpoint) {
+      logger.warn('Failed to get logout URL');
+      return null;
+    }
 
-    return endSessionEndpoint.toString();
+    return endSessionEndpoint;
   }
 
   public forceUserRefreshInBackground() {