fix: autosubmit logout when there's no accountId in the session

closes #566

lib/actions/end_session.js

@@ -12,6 +12,7 @@ const sessionMiddleware = require('../shared/session');
 const revokeGrant = require('../helpers/revoke_grant');
 const noCache = require('../shared/no_cache');
 const ssHandler = require('../helpers/samesite_handler');
+const formPost = require('../response_modes/form_post');
 
 const parseBody = bodyParser.bind(undefined, 'application/x-www-form-urlencoded');
 
@@ -78,11 +79,20 @@ module.exports = {
         postLogoutRedirectUri: ctx.oidc.params.post_logout_redirect_uri || ctx.oidc.urlFor('end_session_success'),
       };
 
-      ctx.type = 'html';
-      ctx.status = 200;
+      const action = ctx.oidc.urlFor('end_session_confirm');
 
-      const formHtml = `<form id="op.logoutForm" method="post" action="${ctx.oidc.urlFor('end_session_confirm')}"><input type="hidden" name="xsrf" value="${secret}"/></form>`;
-      await instance(ctx.oidc.provider).configuration('logoutSource')(ctx, formHtml);
+      if (ctx.oidc.session.accountId()) {
+        ctx.type = 'html';
+        ctx.status = 200;
+
+        const formHtml = `<form id="op.logoutForm" method="post" action="${action}"><input type="hidden" name="xsrf" value="${secret}"/></form>`;
+        await instance(ctx.oidc.provider).configuration('logoutSource')(ctx, formHtml);
+      } else {
+        await formPost(ctx, action, {
+          xsrf: secret,
+          logout: 'yes',
+        });
+      }
 
       await next();
     },