Fix Documentation Errors

jzheaux · Steve Riesenberg · commit af6fce4a714a · 2023-09-19T12:08:00.000-05:00
Issue gh-12570 (cherry picked from commit 6b0d822)
diff --git a/docs/modules/ROOT/pages/reactive/oauth2/login/logout.adoc b/docs/modules/ROOT/pages/reactive/oauth2/login/logout.adoc
@@ -173,7 +173,7 @@ open fun filterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
 
 And that's it!
 
-This will stand up the endpoint `/logout/connect/back-channel/+{registrationId}` which the OIDC Provider can request to invalidate a given session of an end user in your application.
+This will stand up the endpoint `+/logout/connect/back-channel/{registrationId}+` which the OIDC Provider can request to invalidate a given session of an end user in your application.
 
 [NOTE]
 `oidcLogout` requires that `oauth2Login` also be configured.
diff --git a/docs/modules/ROOT/pages/servlet/oauth2/login/advanced.adoc b/docs/modules/ROOT/pages/servlet/oauth2/login/advanced.adoc
@@ -929,114 +929,5 @@ For MAC-based algorithms (such as `HS256`, `HS384`, or `HS512`), the `client-sec
 If more than one `ClientRegistration` is configured for OpenID Connect 1.0 Authentication, the JWS algorithm resolver may evaluate the provided `ClientRegistration` to determine which algorithm to return.
 ====
 
-
-[[oauth2login-advanced-oidc-logout]]
-== OpenID Connect 1.0 Logout
-
-OpenID Connect Session Management 1.0 allows the ability to log out the end user at the Provider by using the Client.
-One of the strategies available is https://openid.net/specs/openid-connect-rpinitiated-1_0.html[RP-Initiated Logout].
-
-If the OpenID Provider supports both Session Management and https://openid.net/specs/openid-connect-discovery-1_0.html[Discovery], the client can obtain the `end_session_endpoint` `URL` from the OpenID Provider's https://openid.net/specs/openid-connect-session-1_0.html#OPMetadata[Discovery Metadata].
-You can do so by configuring the `ClientRegistration` with the `issuer-uri`, as follows:
-
-[source,yaml]
-----
-spring:
-  security:
-    oauth2:
-      client:
-        registration:
-          okta:
-            client-id: okta-client-id
-            client-secret: okta-client-secret
-            ...
-        provider:
-          okta:
-            issuer-uri: https://dev-1234.oktapreview.com
-----
-
-Also, you can configure `OidcClientInitiatedLogoutSuccessHandler`, which implements RP-Initiated Logout, as follows:
-
-[tabs]
-======
-Java::
-+
-[source,java,role="primary"]
-----
-@Configuration
-@EnableWebSecurity
-public class OAuth2LoginSecurityConfig {
-
-	@Autowired
-	private ClientRegistrationRepository clientRegistrationRepository;
-
-	@Bean
-	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-		http
-			.authorizeHttpRequests(authorize -> authorize
-				.anyRequest().authenticated()
-			)
-			.oauth2Login(withDefaults())
-			.logout(logout -> logout
-				.logoutSuccessHandler(oidcLogoutSuccessHandler())
-			);
-		return http.build();
-	}
-
-	private LogoutSuccessHandler oidcLogoutSuccessHandler() {
-		OidcClientInitiatedLogoutSuccessHandler oidcLogoutSuccessHandler =
-				new OidcClientInitiatedLogoutSuccessHandler(this.clientRegistrationRepository);
-
-		// Sets the location that the End-User's User Agent will be redirected to
-		// after the logout has been performed at the Provider
-		oidcLogoutSuccessHandler.setPostLogoutRedirectUri("{baseUrl}");
-
-		return oidcLogoutSuccessHandler;
-	}
-}
-----
-
-Kotlin::
-+
-[source,kotlin,role="secondary"]
-----
-@Configuration
-@EnableWebSecurity
-class OAuth2LoginSecurityConfig {
-    @Autowired
-    private lateinit var clientRegistrationRepository: ClientRegistrationRepository
-
-    @Bean
-    open fun filterChain(http: HttpSecurity): SecurityFilterChain {
-        http {
-            authorizeRequests {
-                authorize(anyRequest, authenticated)
-            }
-            oauth2Login { }
-            logout {
-                logoutSuccessHandler = oidcLogoutSuccessHandler()
-            }
-        }
-        return http.build()
-    }
-
-    private fun oidcLogoutSuccessHandler(): LogoutSuccessHandler {
-        val oidcLogoutSuccessHandler = OidcClientInitiatedLogoutSuccessHandler(clientRegistrationRepository)
-
-        // Sets the location that the End-User's User Agent will be redirected to
-        // after the logout has been performed at the Provider
-        oidcLogoutSuccessHandler.setPostLogoutRedirectUri("{baseUrl}")
-        return oidcLogoutSuccessHandler
-    }
-}
-----
-======
-
-[NOTE]
-====
-`OidcClientInitiatedLogoutSuccessHandler` supports the `+{baseUrl}+` placeholder.
-If used, the application's base URL, such as `https://app.example.org`, replaces it at request time.
-====
-
 [[oauth2login-advanced-oidc-logout]]
 Then, you can proceed to configure xref:reactive/oauth2/login/logout.adoc[logout]
diff --git a/docs/modules/ROOT/pages/servlet/oauth2/login/logout.adoc b/docs/modules/ROOT/pages/servlet/oauth2/login/logout.adoc
@@ -172,7 +172,7 @@ open fun filterChain(http: HttpSecurity): SecurityFilterChain {
 
 And that's it!
 
-This will stand up the endpoint `/logout/connect/back-channel/+{registrationId}` which the OIDC Provider can request to invalidate a given session of an end user in your application.
+This will stand up the endpoint `+/logout/connect/back-channel/{registrationId}+` which the OIDC Provider can request to invalidate a given session of an end user in your application.
 
 [NOTE]
 `oidcLogout` requires that `oauth2Login` also be configured.
