From 7c1d616676da8bd8d301f71f507aa7eddf91d755 Mon Sep 17 00:00:00 2001
From: laxmanhalaki <laxman.halaki@tech4biz.org>
Date: Wed, 29 Oct 2025 20:48:30 +0530
Subject: [PATCH] logout and ui glitch cleared

---
 src/controllers/auth.controller.ts | 3 ++-
 src/services/auth.service.ts       | 7 +++++--
 src/types/auth.types.ts            | 1 +
 3 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/controllers/auth.controller.ts b/src/controllers/auth.controller.ts
index f8f774f..c51f468 100644
--- a/src/controllers/auth.controller.ts
+++ b/src/controllers/auth.controller.ts
@@ -304,7 +304,8 @@ export class AuthController {
       ResponseHandler.success(res, {
         user: result.user,
         accessToken: result.accessToken,
-        refreshToken: result.refreshToken
+        refreshToken: result.refreshToken,
+        idToken: result.oktaIdToken // Include id_token for frontend logout
       }, 'Token exchange successful');
     } catch (error) {
       logger.error('Token exchange failed:', error);
diff --git a/src/services/auth.service.ts b/src/services/auth.service.ts
index f4096f5..b5c1893 100644
--- a/src/services/auth.service.ts
+++ b/src/services/auth.service.ts
@@ -316,12 +316,13 @@ export class AuthService {
         throw new Error('Invalid response format from Okta');
       }
 
-      const { access_token, refresh_token } = tokenResponse.data;
+      const { access_token, refresh_token, id_token } = tokenResponse.data;
 
       if (!access_token) {
         logger.error('Missing access_token in Okta response', { 
           responseKeys: Object.keys(tokenResponse.data || {}),
           hasRefreshToken: !!refresh_token,
+          hasIdToken: !!id_token,
         });
         throw new Error('Failed to obtain access token from Okta - access_token missing in response');
       }
@@ -329,6 +330,7 @@ export class AuthService {
       logger.info('Successfully obtained tokens from Okta', {
         hasAccessToken: !!access_token,
         hasRefreshToken: !!refresh_token,
+        hasIdToken: !!id_token,
       });
 
       // Get user info from Okta using access token
@@ -439,9 +441,10 @@ export class AuthService {
       // Return our JWT tokens along with Okta tokens (store Okta refresh token for future use)
       return {
         ...result,
-        // Store Okta refresh token separately if needed
+        // Store Okta tokens separately if needed (especially id_token for logout)
         oktaRefreshToken: refresh_token,
         oktaAccessToken: access_token,
+        oktaIdToken: id_token, // Include id_token for proper Okta logout
       };
     } catch (error: any) {
       logger.error('Token exchange with Okta failed:', {
diff --git a/src/types/auth.types.ts b/src/types/auth.types.ts
index 9a3d849..bc0b189 100644
--- a/src/types/auth.types.ts
+++ b/src/types/auth.types.ts
@@ -43,4 +43,5 @@ export interface LoginResponse {
   refreshToken: string;
   oktaRefreshToken?: string;
   oktaAccessToken?: string;
+  oktaIdToken?: string; // ID token for Okta logout
 }