From ee28484829e0725b8858c14d60feca0558a3dcfc Mon Sep 17 00:00:00 2001
From: Trong Huu Nguyen <trong.huu.nguyen@nav.no>
Date: Fri, 15 Jul 2022 09:07:29 +0200
Subject: [PATCH] test(handler): use correct session ID for front-channel
 logout

---
 pkg/handler/handler_test.go | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/pkg/handler/handler_test.go b/pkg/handler/handler_test.go
index 08968b4..caadad3 100644
--- a/pkg/handler/handler_test.go
+++ b/pkg/handler/handler_test.go
@@ -1,6 +1,7 @@
 package handler_test
 
 import (
+	"context"
 	"encoding/base64"
 	"fmt"
 	"net/http"
@@ -105,11 +106,21 @@ func TestHandler_FrontChannelLogout(t *testing.T) {
 	sessionCookie := login(t, rpClient, idp)
 
 	// Trigger front-channel logout
-	ciphertext, err := base64.StdEncoding.DecodeString(sessionCookie.Value)
-	assert.NoError(t, err)
+	sid := func() string {
+		ciphertext, err := base64.StdEncoding.DecodeString(sessionCookie.Value)
+		assert.NoError(t, err)
 
-	sid, err := idp.RelyingPartyHandler.Crypter.Decrypt(ciphertext)
-	assert.NoError(t, err)
+		localSessionID, err := idp.RelyingPartyHandler.Crypter.Decrypt(ciphertext)
+		assert.NoError(t, err)
+
+		encryptedSession, err := idp.RelyingPartyHandler.Sessions.Read(context.Background(), string(localSessionID))
+		assert.NoError(t, err)
+
+		data, err := encryptedSession.Decrypt(idp.RelyingPartyHandler.Crypter)
+		assert.NoError(t, err)
+
+		return data.ExternalSessionID
+	}()
 
 	frontchannelLogoutURL, err := url.Parse(idp.RelyingPartyServer.URL)
 	assert.NoError(t, err)
@@ -117,7 +128,7 @@ func TestHandler_FrontChannelLogout(t *testing.T) {
 	frontchannelLogoutURL.Path = "/oauth2/logout/frontchannel"
 
 	values := url.Values{}
-	values.Add("sid", string(sid))
+	values.Add("sid", sid)
 	values.Add("iss", idp.OpenIDConfig.Provider().Issuer)
 	frontchannelLogoutURL.RawQuery = values.Encode()