Get the ID Token before deleting the session

src/auth0-session/handlers/logout.ts

@@ -32,6 +32,7 @@ export default function logoutHandlerFactory(
       return;
     }
 
+    const idToken = sessionCache.getIdToken(req, res);
     sessionCache.delete(req, res);
 
     if (!config.idpLogout) {
@@ -46,7 +47,7 @@ export default function logoutHandlerFactory(
     const client = await getClient();
     returnURL = client.endSessionUrl({
       post_logout_redirect_uri: returnURL,
-      id_token_hint: sessionCache.getIdToken(req, res)
+      id_token_hint: idToken
     });
 
     debug('logging out of identity provider, redirecting to %s', returnURL);

tests/auth0-session/handlers/logout.test.ts

@@ -55,7 +55,7 @@ describe('logout route', () => {
   });
 
   it('should perform a distributed logout', async () => {
-    const baseURL = await setup({ ...defaultConfig, idpLogout: true });
+    const baseURL = await setup({ ...defaultConfig, auth0Logout: false, idpLogout: true });
     const cookieJar = await login(baseURL);
 
     const session: SessionResponse = await get(baseURL, '/session', { cookieJar });
@@ -71,7 +71,10 @@ describe('logout route', () => {
       hostname: 'op.example.com',
       pathname: '/session/end',
       protocol: 'https:',
-      query: expect.objectContaining({ post_logout_redirect_uri: baseURL })
+      query: {
+        post_logout_redirect_uri: baseURL,
+        id_token_hint: session.id_token
+      }
     });
   });