revert changes to sign-out

app/controllers/application_controller.rb

@@ -87,7 +87,11 @@ def skip_csrf_meta_tags?
   end
 
   def after_sign_out_path_for(_resource_or_scope)
-    root_path
+    if ENV['OMNIAUTH_ONLY'] == 'true' && ENV['OIDC_ENABLED'] == 'true'
+      '/auth/auth/openid_connect/logout'
+    else
+      new_user_session_path
+    end
   end
 
   protected

app/controllers/auth/sessions_controller.rb

@@ -11,9 +11,6 @@ class Auth::SessionsController < Devise::SessionsController
   skip_before_action :require_functional!
   skip_before_action :update_user_sign_in
 
-  # Allow any client to call /auth/sign_out via a delete call
-  skip_before_action :verify_authenticity_token, only: [:destroy]
-
   prepend_before_action :check_suspicious!, only: [:create]
 
   include TwoFactorAuthenticationConcern