🪳

Author: quochuydev

app1/ui/Home.tsx

@@ -29,7 +29,7 @@ export default function Home() {
               session={sessions[0]}
               sessions={sessions}
               signOut={() => {
-                window.location.href = `https://auth.example.local/auth/signout?id_token_hint=${sessions[0].idToken}&return_url=https://app.example.local/app1/hello`;
+                window.location.href = `https://auth.example.local/auth/signout?id_token_hint=${sessions[0]?.idToken}&return_url=https://app.example.local/app1`;
               }}
             />
           </div>

app1/ui/components/ProfileImage.tsx

@@ -91,7 +91,7 @@ export default function ProfileImage(props: {
                     return_url: "https://app.example.local/app1",
                   });
 
-                  window.location.href = `https://auth.example.local/auth/signin?${params.toString()}`;
+                  window.location.href = `https://auth.example.local/auth/signin?${params}`;
                 }}
               >
                 + Add other account

app2/ui/Home.tsx

@@ -37,7 +37,7 @@ export default function Home() {
             return_url: "https://app.example.local/app2",
           });
 
-          window.location.href = `https://auth.example.local/auth/signin?${params.toString()}`;
+          window.location.href = `https://auth.example.local/auth/signin?${params}`;
         }}
       >
         Login
@@ -48,7 +48,7 @@ export default function Home() {
             return_url: "https://app.example.local/app2",
           });
 
-          window.location.href = `https://auth.example.local/auth/signout?${params.toString()}`;
+          window.location.href = `https://auth.example.local/auth/signout?${params}`;
         }}
       >
         Logout

auth/app/api/auth/signin/route.ts

@@ -52,38 +52,25 @@ export async function POST(request: NextRequest) {
   const codeChallenge = generateCodeChallenge(codeVerifier);
   const state = generateState();
 
-  const params: {
-    code_challenge: string;
-    code_challenge_method: string;
-    client_id: string;
-    redirect_uri: string;
-    response_type: string;
-    scope: string;
-    state: string;
-    prompt?: string;
-    login_hint?: string;
-  } = {
+  const params = new URLSearchParams({
     code_challenge: codeChallenge,
     code_challenge_method: "S256",
     client_id: configuration.portal.clientId,
     redirect_uri: configuration.portal.redirectUrl,
     response_type: "code",
     scope,
     state,
-  };
-
-  if (prompt) params.prompt = prompt;
-  if (loginHint) params.login_hint = loginHint;
+  });
 
-  const authorizeUrl = `${
-    wellKnown.authorization_endpoint
-  }?${new URLSearchParams(params).toString()}`;
+  if (prompt) params.set("prompt", prompt);
+  if (loginHint) params.set("login_hint", loginHint);
 
   if (returnUrl) setShortLiveCookie(returnUrlCookieName, returnUrl);
   setShortLiveCookie(stateCookieName, state);
   setShortLiveCookie(redirectUrlCookieName, configuration.portal.redirectUrl);
   setShortLiveCookie(codeVerifierCookieName, codeVerifier);
   deleteCookie(csrfTokenCookieName);
 
+  const authorizeUrl = `${wellKnown.authorization_endpoint}?${params}`;
   return NextResponse.json({ authorizeUrl });
 }

auth/app/api/auth/signout/route.ts

@@ -1,7 +1,9 @@
 import configuration from "@/configuration";
-import { returnUrlCookieName } from "@/lib/constant";
+import { authSessionCookieName, returnUrlCookieName } from "@/lib/constant";
 import { setShortLiveCookie } from "@/lib/cookie";
 import { prisma } from "@/lib/prisma";
+import { Prisma } from "@prisma/client";
+import { cookies } from "next/headers";
 import { NextRequest, NextResponse } from "next/server";
 
 export async function POST(request: NextRequest) {
@@ -15,6 +17,10 @@ export async function POST(request: NextRequest) {
     };
     const { returnUrl, idTokenHint, state } = body;
 
+    const requestCookie = cookies();
+    const authSessionCookie = requestCookie.get(authSessionCookieName);
+    const authSession = authSessionCookie?.value;
+
     const wellKnownResponse = await fetch(
       `${configuration.portal.issuer}/.well-known/openid-configuration`
     );
@@ -31,36 +37,33 @@ export async function POST(request: NextRequest) {
       throw { code: wellKnownResponse.status, details: wellKnown };
     }
 
-    const params: {
-      client_id?: string;
-      post_logout_redirect_uri?: string;
-      id_token_hint?: string;
-      state?: string;
-    } = {
+    const params = new URLSearchParams({
       client_id: configuration.portal.clientId,
       post_logout_redirect_uri: configuration.portal.postLogoutRedirectUri,
-    };
+    });
 
-    if (idTokenHint) params.id_token_hint = idTokenHint;
-    if (state) params.state = state;
+    if (state) params.set("state", state);
+
+    const sessionWhereInput: Prisma.SessionWhereInput = {
+      authSession: authSessionCookie?.value,
+    };
 
     if (idTokenHint) {
-      await prisma.session.updateMany({
-        where: {
-          idToken: idTokenHint,
-        },
-        data: {
-          deletedAt: new Date(),
-        },
-      });
+      params.set("id_token_hint", idTokenHint);
+      sessionWhereInput.idToken = idTokenHint;
     }
 
-    const endSessionUrl = `${
-      wellKnown.end_session_endpoint
-    }?${new URLSearchParams(params).toString()}`;
+    await prisma.session.updateMany({
+      where: sessionWhereInput,
+      data: {
+        deletedAt: new Date(),
+      },
+    });
 
     if (returnUrl) setShortLiveCookie(returnUrlCookieName, returnUrl);
 
+    const endSessionUrl = `${wellKnown.end_session_endpoint}?${params}`;
+
     return NextResponse.json({ endSessionUrl });
   } catch (error: any) {
     return NextResponse.json(error.details || { message: error.message }, {