Update RP-Initiated Logout target URLs.

rozagerardo · jzheaux · commit 8315545144d6 · 2022-11-01T12:35:39.000-06:00
The URLs we're using are not actually pointing to the OIDC RP-Initiated Logout Specs. Fixes: gh-12081
diff --git a/docs/modules/ROOT/pages/reactive/oauth2/login/advanced.adoc b/docs/modules/ROOT/pages/reactive/oauth2/login/advanced.adoc
@@ -645,7 +645,7 @@ If more than one `ClientRegistration` is configured for OpenID Connect 1.0 Authe
 == OpenID Connect 1.0 Logout
 
 OpenID Connect Session Management 1.0 allows the ability to log out the End-User at the Provider using the Client.
-One of the strategies available is https://openid.net/specs/openid-connect-session-1_0.html#RPLogout[RP-Initiated Logout].
+One of the strategies available is https://openid.net/specs/openid-connect-rpinitiated-1_0.html[RP-Initiated Logout].
 
 If the OpenID Provider supports both Session Management and https://openid.net/specs/openid-connect-discovery-1_0.html[Discovery], the client may obtain the `end_session_endpoint` `URL` from the OpenID Provider's https://openid.net/specs/openid-connect-session-1_0.html#OPMetadata[Discovery Metadata].
 This can be achieved by configuring the `ClientRegistration` with the `issuer-uri`, as in the following example:
diff --git a/docs/modules/ROOT/pages/servlet/oauth2/login/advanced.adoc b/docs/modules/ROOT/pages/servlet/oauth2/login/advanced.adoc
@@ -838,7 +838,7 @@ If more than one `ClientRegistration` is configured for OpenID Connect 1.0 Authe
 == OpenID Connect 1.0 Logout
 
 OpenID Connect Session Management 1.0 allows the ability to log out the End-User at the Provider using the Client.
-One of the strategies available is https://openid.net/specs/openid-connect-session-1_0.html#RPLogout[RP-Initiated Logout].
+One of the strategies available is https://openid.net/specs/openid-connect-rpinitiated-1_0.html[RP-Initiated Logout].
 
 If the OpenID Provider supports both Session Management and https://openid.net/specs/openid-connect-discovery-1_0.html[Discovery], the client may obtain the `end_session_endpoint` `URL` from the OpenID Provider's https://openid.net/specs/openid-connect-session-1_0.html#OPMetadata[Discovery Metadata].
 This can be achieved by configuring the `ClientRegistration` with the `issuer-uri`, as in the following example:
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandler.java
@@ -41,8 +41,7 @@
  * @author Josh Cummings
  * @since 5.2
  * @see <a href=
- * "https://openid.net/specs/openid-connect-session-1_0.html#RPLogout">RP-Initiated
- * Logout</a>
+ * "https://openid.net/specs/openid-connect-rpinitiated-1_0.html">RP-Initiated Logout</a>
  * @see org.springframework.security.web.authentication.logout.LogoutSuccessHandler
  */
 public final class OidcClientInitiatedLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandler.java
@@ -43,8 +43,7 @@
  * @author Josh Cummings
  * @since 5.2
  * @see <a href=
- * "https://openid.net/specs/openid-connect-session-1_0.html#RPLogout">RP-Initiated
- * Logout</a>
+ * "https://openid.net/specs/openid-connect-rpinitiated-1_0.html">RP-Initiated Logout</a>
  * @see org.springframework.security.web.server.authentication.logout.ServerLogoutSuccessHandler
  */
 public class OidcClientInitiatedServerLogoutSuccessHandler implements ServerLogoutSuccessHandler {
