From 098bf211a0aee3b804ef10ec8bc2dab73671a605 Mon Sep 17 00:00:00 2001 From: Robin van der Vleuten Date: Fri, 17 Jun 2016 14:16:48 +0200 Subject: [PATCH 1/3] Correctly build logout url query string. --- src/Auth0AuthApi.php | 5 +++-- tests/AuthApiTest.php | 10 ++++++++++ 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/src/Auth0AuthApi.php b/src/Auth0AuthApi.php index ee2708e1..27ca5039 100644 --- a/src/Auth0AuthApi.php +++ b/src/Auth0AuthApi.php @@ -5,6 +5,7 @@ use Auth0\SDK\API\Header\ContentType; use Auth0\SDK\API\Helpers\ApiClient; use Auth0\SDK\Exception\ApiException; +use GuzzleHttp\Psr7; class Auth0AuthApi { @@ -95,10 +96,10 @@ public function get_logout_link($returnTo = null, $client_id = null) { if ($client_id !== null) { $params['client_id'] = $client_id; } - $query_string = implode('&', $params); - return "https://{$this->domain}/logout?$query_string"; + $query_string = Psr7\build_query($params); + return "https://{$this->domain}/logout?$query_string"; } public function authorize_with_accesstoken($access_token, $connection, $scope = 'openid', $aditional_params = []){ diff --git a/tests/AuthApiTest.php b/tests/AuthApiTest.php index 9bb90763..b7737487 100644 --- a/tests/AuthApiTest.php +++ b/tests/AuthApiTest.php 
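Review bot: The new `use GuzzleHttp\Psr7;` makes the SDK call `guzzlehttp/psr7` directly, but no composer.json change appears in this series, so the package may be reaching the SDK only as a transitive dependency of Guzzle (not verifiable from this page). If so, it should be listed under `require` with a version constraint, since a namespaced helper function like `build_query` is the kind of API a later major release of that package can drop. For the flat, non-null string parameters built here, PHP's own `http_build_query($params, '', '&', PHP_QUERY_RFC3986)` should give the same percent-encoding without the import. The same applies to the `get_authorize_link` hunk in PATCH 2/3.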
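Review bot: `get_logout_link` now percent-encodes `$returnTo`, which keeps a value containing `&` or `#` from adding or truncating parameters, but it still accepts any URL as the post-logout destination and nothing on the method says so. The start of the body is outside the hunk, so validation earlier in the method is not visible. Assuming there is none, a docblock should state that `$returnTo` is encoded but not checked, that callers should compare a request-supplied value against their own list of permitted URLs before passing it in, and that Auth0's Allowed Logout URLs configuration is the server-side control. Separately, a call with no arguments yields a URL ending in a bare `?`, which the new test pins.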
@@ -71,4 +71,14 @@ public function testImpersonation() { $this->assertStringStartsWith("https://" . $env['DOMAIN'], $url); } + + public function testLogoutLink() { + $env = $this->getEnv(); + + $api = new Auth0AuthApi($env['DOMAIN'], $env['GLOBAL_CLIENT_ID'], $env['GLOBAL_CLIENT_SECRET']); + + $this->assertSame("https://" . $env['DOMAIN'] . "/logout?", $api->get_logout_link()); + $this->assertSame("https://" . $env['DOMAIN'] . "/logout?returnTo=http%3A%2F%2Fexample.com", $api->get_logout_link("http://example.com")); + $this->assertSame("https://" . $env['DOMAIN'] . "/logout?returnTo=http%3A%2F%2Fexample.com&client_id=" . $env['GLOBAL_CLIENT_ID'], $api->get_logout_link("http://example.com", $env['GLOBAL_CLIENT_ID'])); + } } \ No newline at end of file From 819f7b6a8ebdee79b1f76785ac2264c029a38722 Mon Sep 17 00:00:00 2001 From: Robin van der Vleuten Date: Fri, 17 Jun 2016 14:47:44 +0200 Subject: [PATCH 2/3] Use build_query() function in each method --- src/Auth0AuthApi.php | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/Auth0AuthApi.php b/src/Auth0AuthApi.php index 27ca5039..68af80a8 100644 --- a/src/Auth0AuthApi.php +++ b/src/Auth0AuthApi.php @@ -56,9 +56,7 @@ public function get_authorize_link($response_type, $redirect_uri, $connection = $aditional_params['state'] = $state; } - $query_string = implode('&', array_map(function($key,$value){ - return "$key=$value"; - }, array_keys($aditional_params), $aditional_params)); + $query_string = Psr7\build_query($aditional_params); return "https://{$this->domain}/authorize?$query_string"; } From 21373b8f99429e62108c22f0766dd1f20e22c70c Mon Sep 17 00:00:00 2001 From: Robin van der Vleuten Date: Fri, 17 Jun 2016 15:42:48 +0200 Subject: [PATCH 3/3] Query string is encoded --- tests/AuthApiTest.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/AuthApiTest.php b/tests/AuthApiTest.php index b7737487..4d34972b 100644 --- a/tests/AuthApiTest.php +++ b/tests/AuthApiTest.php 
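Review bot: `testLogoutLink` covers `:` and `/` in `returnTo` but not the query delimiters `&` and `=`, whose encoding is what keeps a caller-supplied value from being parsed as extra parameters. One more assertion would pin that case: `$this->assertSame("https://" . $env['DOMAIN'] . "/logout?returnTo=http%3A%2F%2Fexample.com%2F%3Fa%3D1%26b%3D2", $api->get_logout_link("http://example.com/?a=1&b=2"));`. The third assertion also concatenates `$env['GLOBAL_CLIENT_ID']` unencoded into the expected string, so it holds only while that value contains nothing `build_query` would escape.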
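Review bot: `get_authorize_link` adds `state` only when the caller passes one, and the method carries no documentation telling callers what that parameter is for. The closing brace after `$aditional_params['state'] = $state;` ends a conditional whose start is outside the hunk, and the tests call the method without a state. A docblock should say that `$state` is the OAuth CSRF-protection value: generate it unpredictably per login attempt, keep it in the user's session, and compare it on the callback before accepting the response. The docblock should also say that `$redirect_uri` and the entries of `$aditional_params` are percent-encoded by `build_query` but not otherwise validated.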
@@ -14,11 +14,11 @@ public function testAuthorize() { $authorize_url = $api->get_authorize_link('code', 'http://lala.com'); - $this->assertEquals("https://dummy.auth0.com/authorize?response_type=code&redirect_uri=http://lala.com&client_id=123456", $authorize_url); + $this->assertEquals("https://dummy.auth0.com/authorize?response_type=code&redirect_uri=http%3A%2F%2Flala.com&client_id=123456", $authorize_url); $authorize_url2 = $api->get_authorize_link('token', 'http://lala.com', 'facebook', 'dastate'); - $this->assertEquals("https://dummy.auth0.com/authorize?response_type=token&redirect_uri=http://lala.com&client_id=123456&connection=facebook&state=dastate", $authorize_url2); + $this->assertEquals("https://dummy.auth0.com/authorize?response_type=token&redirect_uri=http%3A%2F%2Flala.com&client_id=123456&connection=facebook&state=dastate", $authorize_url2); } public function testAuthorizeWithRO() {