feat(auth-node): add OAuthAuthenticatorLogoutResult type for provider logout redirects

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Jonathan Roebuck <jroebuck@spotify.com>

plugins/auth-node/src/oauth/index.ts

@@ -37,6 +37,7 @@ export {
   type OAuthAuthenticator,
   type OAuthAuthenticatorAuthenticateInput,
   type OAuthAuthenticatorLogoutInput,
+  type OAuthAuthenticatorLogoutResult,
   type OAuthAuthenticatorRefreshInput,
   type OAuthAuthenticatorResult,
   type OAuthAuthenticatorScopeOptions,

plugins/auth-node/src/oauth/types.ts

@@ -76,6 +76,16 @@ export interface OAuthAuthenticatorLogoutInput {
   req: Request;
 }
 
+/** @public */
+export interface OAuthAuthenticatorLogoutResult {
+  /**
+   * If set, the frontend will redirect the browser to this URL after clearing
+   * the Backstage session. Use this to terminate provider-side sessions (e.g.
+   * Auth0's `/v2/logout` endpoint).
+   */
+  logoutUrl?: string;
+}
+
 /** @public */
 export interface OAuthAuthenticatorResult<TProfile> {
   fullProfile: TProfile;
@@ -101,7 +111,10 @@ export interface OAuthAuthenticator<TContext, TProfile> {
     input: OAuthAuthenticatorRefreshInput,
     ctx: TContext,
   ): Promise<OAuthAuthenticatorResult<TProfile>>;
-  logout?(input: OAuthAuthenticatorLogoutInput, ctx: TContext): Promise<void>;
+  logout?(
+    input: OAuthAuthenticatorLogoutInput,
+    ctx: TContext,
+  ): Promise<void | OAuthAuthenticatorLogoutResult>;
 }
 
 /** @public */