Delayed logout fix
After reporting the issue to the PaaS Web Application Hosting Service, it turns out that the new redirect URL for an application logout should be:
https://auth.cern.ch/auth/realms/cern/protocol/openid-connect/logout?client_id=<client_id>&post_logout_redirect_uri=<redirect_uri>
This URL leads to an intermediate logout view:
To bypass that step and log out directly, the id_token_hint parameter must also be passed.
Therefore, we need to set the id_token_hint parameter in the endSessionUrl method to the id_token from the TokenSet instance received upon client authentication (here).
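
The same logout flow written out in plain Node.js without an OIDC library, as an added example that is not the project's own code: it keeps the id_token from login in the session and adds it as id_token_hint when building the logout redirect. The function names, the session object and the sample client values are hypothetical.

```javascript
// Added example: plain Node.js, no OIDC library. All names here are hypothetical.
const END_SESSION_ENDPOINT =
  'https://auth.cern.ch/auth/realms/cern/protocol/openid-connect/logout';

// Called from the login callback: keep the raw id_token from the token set,
// because it is needed again much later, when the user logs out.
function rememberIdToken(session, tokenSet) {
  session.idToken = tokenSet.id_token;
}

// Builds the redirect target for the application's logout route.
function buildLogoutUrl(session, { clientId, postLogoutRedirectUri }) {
  const url = new URL(END_SESSION_ENDPOINT);
  url.searchParams.set('client_id', clientId);
  url.searchParams.set('post_logout_redirect_uri', postLogoutRedirectUri);
  if (session.idToken) {
    // With the hint present, the intermediate logout view is skipped.
    url.searchParams.set('id_token_hint', session.idToken);
  }
  // Drop the local copy so the application session does not keep the token
  // after the single sign-on session has been ended.
  delete session.idToken;
  return url.toString();
}

// Constructed sample values, not real credentials.
const sampleSession = {};
rememberIdToken(sampleSession, { id_token: 'header.payload.signature' });
const sampleClient = {
  clientId: 'my-app',
  postLogoutRedirectUri: 'https://my-app.example/',
};
console.log('direct logout:  ', buildLogoutUrl(sampleSession, sampleClient));
// No id_token in the session (e.g. it expired): the user gets the logout view.
console.log('with logout view:', buildLogoutUrl({}, sampleClient));
```

Because id_token_hint travels in the query string, the token appears in browser history and in access logs on the path to the identity provider.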