Add test for OIDC logout redirection

1 files changed, 9 insertions, 8 deletions

diff --git a/perllib/FixMyStreet/App/Controller/Auth/Social.pm b/perllib/FixMyStreet/App/Controller/Auth/Social.pm
index 4bd7dcd4d..56bae96d2 100644
--- a/perllib/FixMyStreet/App/Controller/Auth/Social.pm
+++ b/perllib/FixMyStreet/App/Controller/Auth/Social.pm
@@ -198,6 +198,15 @@ sub oidc_sign_in : Private {
     $oauth{detach_to} = $c->stash->{detach_to};
     $oauth{detach_args} = $c->stash->{detach_args};
     $oauth{nonce} = $nonce;
+
+    # The OIDC endpoint may require a specific URI to be called to log the user
+    # out when they log out of FMS.
+    if ( my $redirect_uri = $c->cobrand->feature('oidc_login')->{logout_uri} ) {
+        $redirect_uri .= "?post_logout_redirect_uri=";
+        $redirect_uri .= URI::Escape::uri_escape( $c->uri_for('/auth/sign_out') );
+        $oauth{logout_redirect_uri} = $redirect_uri;
+    }
+
     $c->session->{oauth} = \%oauth;
     $c->res->redirect($url);
 }
@@ -271,14 +280,6 @@ sub oidc_callback: Path('/auth/OIDC') : Args(0) {
     # which is passed to Open311 with reports made by this user.
     my $extra = $c->cobrand->call_hook(oidc_user_extra => $id_token);
 
-    # The OIDC endpoint may require a specific URI to be called to log the user
-    # out when they log out of FMS.
-    if ( my $redirect_uri = $c->cobrand->feature('oidc_login')->{logout_uri} ) {
-        $redirect_uri .= "?post_logout_redirect_uri=";
-        $redirect_uri .= URI::Escape::uri_escape( $c->uri_for('/auth/sign_out') );
-        $c->session->{oauth}{logout_redirect_uri} = $redirect_uri;
-    }
-
     $c->forward('oauth_success', [ 'oidc', $uid, $name, $email, $extra ]);
 }