matik12/aurelia-oauth

Logout should not force query string parameters

Opened this issue · 1 comment

When a user logs out of my application, the only thing that is needed is to clear the token and refresh the application by navigating back to the start URL. Currently the logout() method also appends query string parameters, expecting the server to do something with the redirectUri, but in my case, I don't want to log the user out of the STS (Azure AD) ... only my application.

Is there a way that we can configure aurelia-oauth to make setting the query string parameters of the redirectUrl optional for this use case?

```typescript
public logout = (): void => {
    // Build the STS end-session URL, passing the app's redirectUri as the
    // post-logout return address under the configured parameter name.
    const redirectUrl = `${this.config.logoutUrl}?` +
        `${this.config.logoutRedirectParameterName}=${encodeURIComponent(this.config.redirectUri)}`;

    // Clear the stored token before leaving the page so nothing remains
    // if the navigation is slow or interrupted.
    this.oAuthTokenService.removeToken();
    window.location.href = redirectUrl;
};
```

@wshaddix my question is, what do you mean by logging out only from your application?

In the case of the implicit grant flow, there is an external endpoint (API - Identity Server) which performs the authorization and then redirects the browser back to your application. Your application does not perform authorization, but only intercepts the token to use it when calling protected resources. If you just remove the stored token and refresh the app, it will redirect the browser to the Identity Server endpoint and, as long as there is already a logged-in user (i.e. the proper cookies), the browser will simply go back to your app with the same user you had before. Without logging out on the identity server side you won't be able to change the user who wants to be logged in.
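The two behaviours discussed in this thread side by side, as an added example that is not aurelia-oauth's own code and not part of either comment: a logout helper with a local-only mode (clear the token and return to the app's start URL, which leaves the STS session cookie intact so the next authorize request silently re-logs the same user) and a full mode that builds the STS end-session URL with the encoded redirect parameter. The config field names `logoutUrl`, `logoutRedirectParameterName` and `redirectUri` follow the snippet in the issue; `startUrl`, `localOnly`, `tokenStore`, `navigate` and `appOrigin` are assumed names introduced for this example. It also adds the check a practitioner would want before sending a redirectUri to an identity provider: the return address must be on the application's own origin, otherwise a tampered value turns the STS end-session endpoint into an open redirect.

```javascript
// Added example, not aurelia-oauth code. Browser-style logout with a
// configurable local-only mode and an origin check on the post-logout return.

// Reject any post-logout return address that is not on the app's own origin.
// The STS will redirect wherever this parameter points, so an attacker-controlled
// value would make the identity provider an open redirect.
function assertSameOrigin(target, appOrigin) {
  const url = new URL(target, appOrigin);
  if (url.origin !== appOrigin) {
    throw new Error(`redirectUri ${target} is not on ${appOrigin}`);
  }
  return url.href;
}

// Full logout target: <logoutUrl>?<paramName>=<encoded redirectUri>
function buildEndSessionUrl(config, appOrigin) {
  const returnTo = assertSameOrigin(config.redirectUri, appOrigin);
  const param = encodeURIComponent(config.logoutRedirectParameterName);
  return `${config.logoutUrl}?${param}=${encodeURIComponent(returnTo)}`;
}

// deps.tokenStore / deps.navigate are injected so the flow can run without a
// real window object (assumed names for this example).
function logout(config, deps, options = {}) {
  const { tokenStore, navigate, appOrigin } = deps;

  // Clear local credentials first; nothing should survive if navigation stalls.
  tokenStore.removeToken();

  if (options.localOnly) {
    // Only the application session ends. The STS cookie stays, so the next
    // authorize round-trip will hand back a token for the same user.
    navigate(config.startUrl);
    return { mode: 'local', target: config.startUrl };
  }

  // Full logout: end the STS session and let it redirect back to the app.
  const target = buildEndSessionUrl(config, appOrigin);
  navigate(target);
  return { mode: 'sts', target };
}

// Constructed sample config and fakes: in-memory token store, recorded navigation,
// no real STS involved.
function demo(localOnly, redirectUri = 'https://app.example.test/callback?x=1') {
  const config = {
    logoutUrl: 'https://login.example.test/connect/endsession',
    logoutRedirectParameterName: 'post_logout_redirect_uri',
    redirectUri,
    startUrl: 'https://app.example.test/',
  };
  const store = { token: 'sample-token', removeToken() { this.token = null; } };
  const visited = [];
  const result = logout(
    config,
    { tokenStore: store, navigate: (u) => visited.push(u), appOrigin: 'https://app.example.test' },
    { localOnly }
  );
  return { result, tokenCleared: store.token === null, visited };
}
```

`demo(true)` clears the token and navigates to the start URL only; `demo(false)` clears the token and navigates to the end-session URL with the encoded return address; a redirectUri on a foreign origin is rejected before any navigation happens.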