Log out user after approve or reject system user request

bff/src/Altinn.Authentication.UI/Altinn.Authentication.UI/Controllers/RequestController.cs

@@ -1,10 +1,12 @@
-using Altinn.Authentication.UI.Core.Authentication;
+using Altinn.Authentication.UI.Core.AppConfiguration;
+using Altinn.Authentication.UI.Core.Authentication;
 using Altinn.Authentication.UI.Core.SystemUsers;
 using Altinn.Authentication.UI.Filters;
+using Altinn.Authentication.UI.Integration.Configuration;
 using Altinn.Authorization.ProblemDetails;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
-using System.Net.Http.Headers;
+using Microsoft.Extensions.Options;
 
 /// <summary>
 /// API for the Frontend to fetch a Request then reject or approve it.
@@ -15,7 +17,7 @@
 [ApiController]
 [AutoValidateAntiforgeryTokenIfAuthCookie]
 public class RequestController(
-    IRequestService _requestService) : ControllerBase
+    IRequestService _requestService, IOptions<PlatformSettings> _platformSettings, IOptions<GeneralSettings> _generalSettings) : ControllerBase
 {       
     /// <summary>
     /// Gets a VendorRequest by Id
@@ -85,4 +87,28 @@ public async Task<ActionResult> RejectRequest(Guid requestId, CancellationToken
 
         return Ok(req.Value);
     }
+
+    /// <summary>
+    /// Logout
+    /// </summary>
+    /// <returns></returns>
+    [Authorize]
+    [HttpGet("logout")]
+    public IActionResult Logout([FromQuery] Guid id)
+    {
+        CookieOptions cookieOptions = new()
+        {
+            Domain = _generalSettings.Value.HostName,
+            HttpOnly = true,
+            Secure = true,
+            IsEssential = true,
+            SameSite = SameSiteMode.Lax
+        };
+
+        // store cookie value for redirect
+        HttpContext.Response.Cookies.Append("AltinnLogoutInfo", $"SystemuserRequestId={id}", cookieOptions);
+
+        string logoutUrl = $"{_platformSettings.Value.ApiAuthenticationEndpoint}logout";
+        return Redirect(logoutUrl);
+    }
 }

frontend/src/features/vendorRequestPage/VendorRequestPageContent.tsx

@@ -43,7 +43,7 @@ export const VendorRequestPageContent = ({ request, userInfo }: VendorRequestPag
       .unwrap()
       .then(() => {
         if (request.redirectUrl) {
-          redirectToVendor(request.redirectUrl);
+          logoutAndRedirectToVendor();
         } else {
           setIsReceiptVisible(true);
         }
@@ -55,15 +55,15 @@ export const VendorRequestPageContent = ({ request, userInfo }: VendorRequestPag
       .unwrap()
       .then(() => {
         if (request.redirectUrl) {
-          redirectToVendor(request.redirectUrl);
+          logoutAndRedirectToVendor();
         } else {
           logoutUser();
         }
       });
   };
 
-  const redirectToVendor = (requestUrl: string): void => {
-    const url = new URL(requestUrl);
+  const logoutAndRedirectToVendor = (): void => {
+    const url = new URL('/authfront/api/v1/systemuser/request/logout', window.location.href);
     url.searchParams.append('id', request.id);
     window.location.assign(url.toString());
   };