Spring Security OidcClientInitiatedLogoutSuccessHandler should understand redirect uri placeholders

OAuth 2.0 Login supports placeholders like baseUrl and registrationId.

OAuth 2.0 Logout should support these as well.

The design of ClientRegistrationRepository is intended to support multi-tenancy. In cases where each tenant has different branding, for example, it's reasonable that an application would want to ensure the redirect has the necessary information to render an appropriate post-logout experience.

A simple example is when doing multi-tenancy by path, e.g. https://foo.com/bar where bar is a reference to the tenant. For the post logout redirect uri, it's reasonable to want to do:

OidcClientInitiatedLogoutSuccessHandler handler =
    new OidcClientInitiatedLogoutSuccessHandler();
handler.setPostLogoutRedirectUri("{baseUrl}/{registrationId}");

so that the post logout redirect uri is resolved to https://foo.com/bar without requiring a custom implementation.

Comment From: jzheaux

Related to https://github.com/spring-projects/spring-security/issues/7842

Comment From: Enkosz

Hi, @jzheaux I would like to take a look at it, i'm pretty new to the codebase but i've been using Spring Security for 2 years, any tips?

Comment From: jzheaux

Great, @Enkosz! Please first see our contributing guidelines to help you get set up.

Please base your work off of the 5.7.x branch.

After that, I imagine that this method will be of some help to show what needs to be added into OidcClientInitiatedLogoutSuccessHandler. This ticket targets adding baseUrl and registrationId support.

Comment From: Enkosz

Thank you for the tip @jzheaux ! I've made a PR(#10935) let me know if i can improve it!