OidcClientInitiatedLogoutSuccessHandler should understand redirect uri placeholders

[jzheaux]

OAuth 2.0 Login supports placeholders like baseUrl and registrationId.

OAuth 2.0 Logout should support these as well.

The design of ClientRegistrationRepository is intended to support multi-tenancy. In cases where each tenant has different branding, for example, it's reasonable that an application would want to ensure the redirect has the necessary information to render an appropriate post-logout experience.

A simple example is when doing multi-tenancy by path, e.g. https://foo.com/bar where bar is a reference to the tenant. For the post logout redirect uri, it's reasonable to want to do:

OidcClientInitiatedLogoutSuccessHandler handler =
    new OidcClientInitiatedLogoutSuccessHandler();
handler.setPostLogoutRedirectUri("{baseUrl}/{registrationId}");

so that the post logout redirect uri is resolved to https://foo.com/bar without requiring a custom implementation.

[jzheaux]

Related to #7842

[Enkosz]

Hi, @jzheaux I would like to take a look at it, i'm pretty new to the codebase but i've been using Spring Security for 2 years, any tips?

[jzheaux]

Great, @Enkosz! Please first see our contributing guidelines to help you get set up.

Please base your work off of the 5.7.x branch.

After that, I imagine that this method will be of some help to show what needs to be added into OidcClientInitiatedLogoutSuccessHandler. This ticket targets adding baseUrl and registrationId support.

[Enkosz]

Thank you for the tip @jzheaux ! I've made a PR(#10935) let me know if i can improve it!