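/**
 * Signs the user out when their account has no usable client or role.
 *
 * Clears the cached client and the session cookies, then sends the browser to
 * the identity provider's logout endpoint, passing the application's error
 * page as `post_logout_redirect_uri`.
 *
 * Security notes:
 * - The `iss` claim is taken from whatever `parseJwt` returns for the cookie
 *   value. `parseJwt` is defined elsewhere; presumably it only decodes the
 *   token and does not verify it (confirm). The claim is therefore used only
 *   to pick between the two configured endpoints, never as a URL itself.
 * - `errTitle` / `errDesc` travel as query parameters, so anyone can craft a
 *   link with other values. NOTE(review): confirm that error.html renders
 *   them as text and not as HTML.
 *
 * @returns {void}
 */
function logoutNoRole() {
  localStorage.removeItem("currentClient");

  const cookiePrefix = env.FRONTEND_APP_NAME;
  const idToken = getCookie(cookiePrefix + "IdToken");
  const accessToken = getCookie(cookiePrefix + "AccessToken");

  // Determine logout endpoint based on iss claim.
  let logoutEndpoint = env.LOGOUT_ENDPOINT;
  if (accessToken) {
    const issuer = parseJwt(accessToken)?.iss;
    // Only a string issuer is inspected: a malformed claim (number, object)
    // must not throw here and abort the logout before the redirect.
    if (typeof issuer === "string") {
      if (issuer.includes("/digital-id")) {
        logoutEndpoint = env.LOGOUT_ENDPOINT;
      } else if (issuer.includes("/myxs")) {
        logoutEndpoint = env.LOGOUT_ENDPOINT_MYXS;
      }
    }
  }

  // Prepare error info shown on the post-logout error page.
  const errObj = {
    errTitle: "Access Removed",
    errDesc:
      "Your account has no access to any client or role. Please contact your system administrator if you believe this is a mistake.",
    httpCode: 403,
  };

  const errorPageUrl =
    `${env.FRONTEND_URL}/error.html` +
    `?errTitle=${encodeURIComponent(errObj.errTitle)}` +
    `&errDesc=${encodeURIComponent(errObj.errDesc)}` +
    `&httpCode=${encodeURIComponent(errObj.httpCode)}`;

  // Redirect to IdP logout with error page as post_logout_redirect_uri.
  const logoutURL =
    `${logoutEndpoint}` +
    `?post_logout_redirect_uri=${encodeURIComponent(errorPageUrl)}` +
    `&id_token_hint=${encodeURIComponent(idToken || "")}`;

  try {
    // Remove the local credentials before navigation starts, so the cleanup
    // does not depend on the script continuing after the redirect is issued.
    for (const suffix of ["AccessToken", "IdToken", "RefreshToken", "PKCEVerifier"]) {
      deleteCookie(cookiePrefix + suffix);
    }
  } finally {
    // The IdP logout must still happen if a cookie could not be removed.
    window.location.href = logoutURL;
  }
}

/**
 * Logs the user out when the access token carries no usable role.
 *
 * A role counts as usable when it is a string containing ":". A payload that
 * cannot be parsed, has no `roles` array, or has an empty one is treated as
 * "no role".
 *
 * This is a client-side convenience check on a token the browser holds; it is
 * not an authorization control. Access decisions must be enforced by the
 * backend on every request.
 *
 * @returns {void}
 */
function checkRoleOrLogout() {
  const token = getCookie(env.FRONTEND_APP_NAME + "AccessToken");

  // The token is expected to exist at this point. A missing token is ignored
  // here (no logout); presumably the unauthenticated case is handled by the
  // login flow elsewhere. TODO confirm.
  if (!token) {
    return;
  }

  const payload = parseJwt(token);

  // Missing or non-array roles means NO ROLE.
  if (!payload || !Array.isArray(payload.roles)) {
    logoutNoRole();
    return;
  }

  if (payload.roles.length === 0) {
    logoutNoRole();
    return;
  }

  const hasValidRole = payload.roles.some(
    (role) => typeof role === "string" && role.includes(":")
  );

  if (!hasValidRole) {
    logoutNoRole();
  }
}

// The page-load hook below appears to be commented out in the source, so
// checkRoleOrLogout() is not wired to DOMContentLoaded here.
// document.addEventListener("DOMContentLoaded", () => {
//   checkRoleOrLogout();
// });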