From cba3804b31f0f359b34529391aed1ee0bd547cdd Mon Sep 17 00:00:00 2001
From: Jean-Luc Makiola <business@jeanlucmakiola.de>
Date: Sun, 12 Apr 2026 21:58:27 +0200
Subject: [PATCH] fix: include client_id in Logto end-session redirect

Logto needs client_id to validate the post_logout_redirect_uri and
auto-redirect back to the app. Without it, user gets stuck on
Logto's end-session success page.

Note: post_logout_redirect_uri must be registered in Logto Console
under the app's "Post sign-out redirect URIs".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 src/server/index.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/server/index.ts b/src/server/index.ts
index 285c5ba..78f8425 100644
--- a/src/server/index.ts
+++ b/src/server/index.ts
@@ -102,8 +102,9 @@ app.get("/logout", async (c) => {
 	const issuer = process.env.OIDC_ISSUER;
 	const postLogoutRedirect = new URL("/", c.req.url).origin;
 	if (issuer) {
+		const clientId = process.env.OIDC_CLIENT_ID;
 		return c.redirect(
-			`${issuer}/session/end?post_logout_redirect_uri=${encodeURIComponent(postLogoutRedirect)}`,
+			`${issuer}/session/end?client_id=${encodeURIComponent(clientId || "")}&post_logout_redirect_uri=${encodeURIComponent(postLogoutRedirect)}`,
 		);
 	}
 	return c.redirect("/");