Sign out not working #37
Description
I have the following configuration based on the sample app
<oauth2 authorization-url="https://accounts.google.com/o/oauth2/auth" sign-out-url="https://accounts.google.com/o/oauth2/revoke?token=" sign-out-append-token="true" sign-out-redirect-url="http://localhost:9000" client-id="***" redirect-url="http://localhost:9000" response-type="id_token token" scope="openid" auto-generate-nonce="false" silent-token-redirect-url="http://localhost:9000/#/silent-renew" > </oauth2>
I've changed the response type as seen above.
The code as given appends "?id_token_hint=XXXXX" to the url, but there is already a ? in the sign-out- url so it needs to be appended with &. Even then Google rejects the request when id_token_hint is in it. and ignores the redirect-url, all I get in response is an empty JSON object {}
So it seems id_token_hint is invalid, post_logout_redirect_uri is ignored and the token needs to be the access_token not the id_token.