creating iframe with frontchannel_logout_uri that contains a query part was not done correctly.

Author: rohe

src/oidcendpoint/oidc/session.py

@@ -51,6 +51,8 @@ def do_front_channel_logout_iframe(cinfo, iss, sid):
             _args = parse_qs(p.query)
             _args.update(_query)
             _query = _args
+            _np = p._replace(query='')
+            frontchannel_logout_uri = _np.geturl()
 
         _iframe = '<iframe src="{}?{}">'.format(frontchannel_logout_uri,
                                                 urlencode(_query, doseq=True))

tests/test_30_end_session.py

@@ -398,6 +398,16 @@ def test_front_channel_logout_session_required(self):
         res = do_front_channel_logout_iframe(_cdb, ISS,'_sid_')
         assert res == '<iframe src="https://example.com/fc_logout?iss=https%3A%2F%2Fexample.com%2F&sid=_sid_">'
 
+    def test_front_channel_logout_with_query(self):
+        self._code_auth('1234567')
+
+        _cdb = copy.copy(self.session_endpoint.endpoint_context.cdb['client_1'])
+        _cdb['frontchannel_logout_uri'] = 'https://example.com/fc_logout?entity_id=foo'
+        _cdb['frontchannel_logout_session_required'] = True
+        _cdb['client_id'] = 'client_1'
+        res = do_front_channel_logout_iframe(_cdb, ISS, '_sid_')
+        assert res == '<iframe src="https://example.com/fc_logout?entity_id=foo&iss=https%3A%2F%2Fexample.com%2F&sid=_sid_">'
+
     def test_logout_from_client_bc(self):
         self._code_auth('1234567')
         self.session_endpoint.endpoint_context.cdb['client_1']['backchannel_logout_uri'] = 'https://example.com/bc_logout'