Call end_session_endpoint in IDP provider when login out from Console (#2476)

pkg/auth/idp/oauth2/config.go

@@ -37,6 +37,7 @@ type ProviderConfig struct {
 	Userinfo                 bool
 	RedirectCallbackDynamic  bool
 	RedirectCallback         string
+	EndSessionEndpoint       string
 	RoleArn                  string // can be empty
 }
 

pkg/auth/idp/oauth2/provider.go

@@ -110,6 +110,7 @@ type Provider struct {
 	IDPName string
 	// if enabled means that we need extrace access_token as well
 	UserInfo       bool
+	RefreshToken   string
 	oauth2Config   Configuration
 	provHTTPClient *http.Client
 }
@@ -319,6 +320,7 @@ func (client *Provider) VerifyIdentity(ctx context.Context, code, state, roleARN
 	getWebTokenExpiry := func() (*credentials.WebIdentityToken, error) {
 		customCtx := context.WithValue(ctx, oauth2.HTTPClient, client.provHTTPClient)
 		oauth2Token, err := client.oauth2Config.Exchange(customCtx, code)
+		client.RefreshToken = oauth2Token.RefreshToken
 		if err != nil {
 			return nil, err
 		}