Load the available CA in the API when invoking the openid-connect/logout remote IDP endpoint.

Author: pjuarezd

restapi/user_logout.go

@@ -18,6 +18,7 @@ package restapi
 
 import (
 	"context"
+	"crypto/tls"
 	"encoding/base64"
 	"encoding/json"
 	"net/http"
@@ -101,7 +102,14 @@ func logoutFromIDPProvider(r *http.Request, state string) error {
 		params.Add("client_id", providerCfg.ClientID)
 		params.Add("client_secret", providerCfg.ClientSecret)
 		params.Add("refresh_token", refreshToken.Value)
-		_, err := http.PostForm(providerCfg.EndSessionEndpoint, params)
+		client := &http.Client{
+			Transport: &http.Transport{
+				TLSClientConfig: &tls.Config{
+					RootCAs: GlobalRootCAs,
+				},
+			},
+		}
+		_, err := client.PostForm(providerCfg.EndSessionEndpoint, params)
 		if err != nil {
 			return err
 		}