Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(oxauth): add client_id parameter support to /end_session #1862

Closed
yuriyz opened this issue Aug 28, 2023 · 1 comment
Closed

feat(oxauth): add client_id parameter support to /end_session #1862

yuriyz opened this issue Aug 28, 2023 · 1 comment
Assignees
@yuriyz
Labels
enhancement libs update, re-factroring, etc.
Milestone
4.5.2

Comments

@yuriyz
Copy link
Contributor

yuriyz commented Aug 28, 2023

Describe the issue

feat(oxauth): add client_id parameter support to /end_session

Support: 11416

Motivation

Corner case is when session is expired and grant object is expired (or revoked) and AS is not able to identify client.

Obviously if AS can't identify client (due to missed session and id_token_hint) it falls back to global validation via clientWhiteList and allowPostLogoutRedirectWithoutValidation=true.

If we want to avoid global clientWhiteList question is still the same, how AS should figure out client if session and id_token_hint is not there ?

One possible solution is to pass client_id explicitly, so AS will do following:

  1. get client from session
  2. if no session -> get client from id_token_hint
  3. if grant object for id_token_hint is not there -> take client by client_id.
  4. client_id parameter is just an idea, it's not supported however it can be implemented.
@yuriyz yuriyz added the enhancement libs update, re-factroring, etc. label Aug 28, 2023
@yuriyz yuriyz added this to the 4.5.2 milestone Aug 28, 2023
@yuriyz yuriyz self-assigned this Aug 28, 2023
@yuriyz yuriyz mentioned this issue Sep 1, 2023
Closed
@yuriyz
Copy link
Contributor Author

yuriyz commented Sep 8, 2023

Fixed in 4.6.0 and 4.5.2.

@yuriyz yuriyz closed this as completed Sep 8, 2023
yuriyz added a commit that referenced this issue Sep 22, 2023
@yuriyz
fix(oxauth): corrected redirect when session does not exist but clien…
5bf1bc5 
…t_id parameter is present (4.5.2)

#1862
yuriyz added a commit that referenced this issue Sep 22, 2023
@yuriyz
fix(oxauth): redirect when session does not exist but client_id param…
a780324 
…eter is present (4.6.0)

#1862
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@yuriyz yuriyz

Labels
enhancement libs update, re-factroring, etc.
Projects
None yet
Milestone
4.5.2
Development

No branches or pull requests
1 participant
@yuriyz