Added logout functionality through provider #190


@dlouwers dlouwers commented Jan 22, 2019

Hi,

Had a need for end_session_endpoint so added this along with a utility function to add parameters mentioned in the spec.

@bruno-vwdilab

Hello!
Any news about this? Planning on merging? We're also very interested in this!
Thanks! Good job guys.

Collaborator

@ericchiang ericchiang left a comment

I'm not familiar with this flow. Does the client need to POST to this endpoint with its credentials or something?

Also what providers implement this?

@@ -158,6 +162,27 @@ func (p *Provider) Endpoint() oauth2.Endpoint {
return oauth2.Endpoint{AuthURL: p.authURL, TokenURL: p.tokenURL}
}

// LogoutURL returns the logout endpoints for the given provider.
// See: https://openid.net/specs/openid-connect-session-1_0.html#RPLogout
func (p *Provider) LogoutURL(idTokenHint string, redirectURL string, state string) string {
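
Review bot: The doc comment on LogoutURL does not say where idTokenHint, redirectURL and state come from or which of them are optional, and it says "endpoints" although the function returns a single URL string. redirectURL corresponds to post_logout_redirect_uri in the linked spec, so the comment should state that it must be a URI registered with the provider. The signature also returns only a string, which leaves no way to report a provider whose discovery document has no end_session_endpoint; consider returning (string, error) instead.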
Collaborator

Where do these values come from? E.g. how would a user get the idTokenHint and redirectURL?

Author

@dlouwers dlouwers Apr 18, 2019

For idTokenHint I am using the token value, which works on Azure AD OpenID Connect. The redirectURL I am getting off of the request url query parameter, but sources could differ. It must be registered as a valid callback url, just like a login url. This callback makes sure that the application session is ended and can be registered separately as a logout url in Azure so that it calls all registered logout urls when a user has signed off, effectively implementing single signoff.

In my case:

http.Redirect(w, r, openIDConfig.provider.LogoutURL(openIDTokenCookie.Value, callbackURL, redirectURL), http.StatusFound)

See: https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-openid-connect-code#single-sign-out

@ericchiang
Collaborator

@bruno-vwdilab fyi you don't need to wait for this to merge to access end_session_endpoint:

p, err := oidc.NewProvider(ctx, myIssuer)
if err != nil {
    // handle error
}
var claims struct {
    EndSessionURL string `json:"end_session_endpoint"`
}
if err := p.Claims(&claims); err != nil {
    // handle error
}
// use claims.EndSessionURL
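
Building on the discovery lookup above, this added example (not code from this pull request or from go-oidc) shows one way to turn the discovered end_session_endpoint into a logout URL with the spec's id_token_hint, post_logout_redirect_uri and state parameters, rejecting redirect targets that are not registered. BuildLogoutURL, EndSessionEndpoint, the sample discovery document and the example.com hosts are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
)

// Constructed discovery document and registered URI; all hosts are placeholders.
const sampleDiscovery = `{"issuer":"https://idp.example.com","end_session_endpoint":"https://idp.example.com/logout?tenant=demo"}`
const sampleRedirect = "https://app.example.com/signed-out"

// EndSessionEndpoint reads end_session_endpoint from discovery metadata.
func EndSessionEndpoint(discovery []byte) (string, error) {
	var claims struct {
		EndSessionURL string `json:"end_session_endpoint"`
	}
	if err := json.Unmarshal(discovery, &claims); err != nil {
		return "", err
	}
	if claims.EndSessionURL == "" {
		return "", fmt.Errorf("provider does not advertise end_session_endpoint")
	}
	return claims.EndSessionURL, nil
}

// BuildLogoutURL (hypothetical helper) adds the RP-initiated logout parameters.
func BuildLogoutURL(endpoint, idTokenHint, postLogout, state string, registered map[string]bool) (string, error) {
	u, err := url.Parse(endpoint)
	if err != nil {
		return "", err
	}
	if !registered[postLogout] { // exact match only: the value may come from a request
		return "", fmt.Errorf("post_logout_redirect_uri %q is not registered", postLogout)
	}
	q := u.Query() // keep parameters already present on the endpoint
	q.Set("id_token_hint", idTokenHint)
	q.Set("post_logout_redirect_uri", postLogout)
	if state != "" {
		q.Set("state", state)
	}
	u.RawQuery = q.Encode()
	return u.String(), nil
}

func main() {
	ep, _ := EndSessionEndpoint([]byte(sampleDiscovery))
	fmt.Println(BuildLogoutURL(ep, "ID_TOKEN", sampleRedirect, "xyz", map[string]bool{sampleRedirect: true}))
}
```
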

@bruno-vwdilab

> @bruno-vwdilab fyi you don't need to wait for this to merge to access end_session_endpoint:
>
> p, err := oidc.NewProvider(ctx, myIssuer)
> if err != nil {
>     // handle error
> }
> var claims struct {
>     EndSessionURL string `json:"end_session_endpoint"`
> }
> if err := p.Claims(&claims); err != nil {
>     // handle error
> }
> // use claims.EndSessionURL

Perfect @ericchiang
Thanks for the help.

@dlouwers
Author

dlouwers commented Jun 26, 2019

@ericchiang Are there plans to merge this or is there something that still needs to be done?

@dlouwers
Author

Closed in favor of #226

@dlouwers dlouwers closed this Dec 20, 2019