Setting next or post_logout_redirect_uri properly?

[william-bohannan]

Issue
Logout redirect using URL next OR post_logout_redirect_uri parameter not working as expected, should send user to the URL in the parameter. Please advise?

Doing the following...

Authentik > Flows and Stages > Flow

• configure default-invalidation-flow
• denied action: CONTINUE

html/js client has set the logoutEndpoint by doing:

const baseLogoutUrl = "https://auth.example.com/application/o/test/end-session/";
const redirectUrl = "https://test.example.com/session-ended";
const logoutEndpoint = `${baseLogoutUrl}?post_logout_redirect_uri=${encodeURIComponent(redirectUrl)}`;

Then logout, which directs to:

https://auth.example.com/if/session-end/hub/?next=https%3A%2F%2Ftest.example.com%2Fsession-ended?id_token_hint=.....&post_logout_redirect_uri=https%3A%2F%2Ftext.example.com

Which displays

Authentik has a screen "You've logged out of Test.
 - Go back to overview
 - Log out of Company
 - Log back into Test

also tried:

const logoutEndpoint = `${baseLogoutUrl}?next=${encodeURIComponent(redirectUrl)}`;

and

const logoutEndpoint = `${baseLogoutUrl}?next=${encodeURIComponent(redirectUrl)}&post_logout_redirect_uri=${encodeURIComponent(redirectUrl)}`;

Expected behavior

Log out should redirect to test.example.com instead of the Authentik page "You've logged out of Test.

Version and Deployment (please complete the following information):

• authentik version: 24.6.0
• Deployment: docker-compose

[ThisIsMissEm]

Can confirm this doesn't appear to work

[studtech]

I'm also experiencing this problem on version 2024.6.3.

[william-bohannan]

Sending the next and id_token_hint parameters does not redirect it to the "next" location, goes to default Authentik logout screen. Have checked both the Authentik settings and the online guides which indicate the next parameter should work.

The online guide for logout stage is empty too which doesn't help? https://docs.goauthentik.io/docs/flow/stages/user_logout

// Domain
const domain = window.location.hostname;
const domain_parts = domain.split('.');
const logoutEndpoint = `https://auth.example.com/application/o/${domain_parts[0]}/end-session/`;   // slug

// Logout function
function auth_logout() {
  const idToken = localStorage.getItem('id_token');
  const redirectUrl = `https://${domain}/logout`;

  // localStorage: clear
  localStorage.removeItem('access_token');
  localStorage.removeItem('id_token');
  localStorage.removeItem('refresh_token');
  localStorage.removeItem('user_session');
  
  // Redirect
  window.location.href = `${logoutEndpoint}?next=${encodeURIComponent(redirectUrl)}&id_token_hint=${idToken}`;
}

// Click event for div with id logout
document.getElementById('logout').addEventListener('click', auth_logout);

[BeryJu]

as the session end page is quite static currently, it does not respect parameters like this. This will change once #5048 is merged, as that will replace the static page with a flow and more provider-specific logic, like respecting post_logout_redirect_uri for OIDC

[jimbojim]

Any idea what release this will make it into? I'm testing 2024.12.1 and I'm seeing the same behavior with the post_logout_redirect_uri not being respected.

[Elmeric]

#5048 seems to have been make into 2024.10 but I've tried it on 2024.12.2 and the post_logout_redirect_uri is not being respected too.
@BeryJu How can we make it working please ?

[gerrewsb]

I'm having the same issue... Both logout and app-logout invalidation flows don't redirect back to the post_logout_redirect_uri

[ShotSwine]

Can confirm still having this issue here (v2025.6.1).

@BeryJu - has some other change that's been made perhaps broken this feature given it was implemented in #5048?