Route subscriber / method of overriding core logout path

Created on 21 June 2022, almost 3 years ago

Updated 2 May 2025, 18 days ago

Problem/Motivation

The way that the module is overriding the logout route is confusing at best and problematic at worst.

There is a route subscriber in the module that is not being used. It appears to be attempting to replace Drupal Core's user.logout controller; however, after debugging why my custom module's route subscriber overrides were not working, I have discovered 2 underlying reasons:

The openid_connect route subscriber is not being used because it is not defined in the services.yml file
There is a custom route openid_connect.logout with the same logout path which is overriding the core user.logout, so any customizations made to user.logout are not applied when a user hits the /user/logout path because the openid_connect.logout route settings are used instead

This causes confusion because the route subscriber gives the impression that it is hooking into core's logout when it is not. This can be problematic because if someone has overridden core's logout path using the typically recommended way (via an event subscriber to alter the route's path), the openid_connect logout process will not occur.

Steps to reproduce

Install and configure the openid_connect module with the setting to "Logout from identity provider" and configure a client that supports logout
Test and verify that logging out of Drupal results in a logout from the IdP
Add a custom module with a registered route subscriber and override core's user.logout path (e.g. /logout)
Test and note that logging out of Drupal does not result in a logout from the IdP

Proposed resolution

Properly register the route subscriber in the services.yml file w/ an event_subscriber tag
If desired, in the route subscriber add the other route options that are defined in this module's openid_connect.logout route (default _title and option no_cache), although the former seems unnecessary and could conflict w/ custom module tweaks
Remove the custom openid_connect.logout route

Remaining tasks

User interface changes

API changes

Data model changes

📌 Task

Status

Active

Version

2.0

Component

Code

Created by

bgustafson

Live updates comments and jobs are added and updated live.

Incomplete comments

Merge Requests

!160Route subscriber / method of overriding core logout path
Open
Unnamed author
updated 18 days ago

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment 18 days ago →
🇦🇺Australia demma10
I've created a patch for this issue. The patch applies to the 3.x-dev branch. I'll setup a merge request later.

This patch registers the route subscriber and comments out the logout route override.
Comment 18 days ago →
🇦🇺Australia demma10
Merge request !160Issue 3291799: Sent logout routing to the route subscriber → (Open) created by Unnamed author
Pipeline finished with Failed
18 days ago
Total: 298s
#487044

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024