Logout Redirect to Keycloak (#345)

* Logout Redirect to Keycloak - defaulting to the redirection url if nothing provided * - keeping the same behaviour as before - yes, this is a bit hackish
louketo · Apr 9, 2018 · 457f203 · 457f203
1 parent ea55d14
commit 457f203
Showing 1 changed file with 14 additions and 5 deletions.
diff --git a/handlers.go b/handlers.go
@@ -279,10 +279,19 @@ func emptyHandler(w http.ResponseWriter, req *http.Request) {}
 //  - if the user has a refresh token, the token is invalidated by the provider
 //  - optionally, the user can be redirected by to a url
 func (r *oauthProxy) logoutHandler(w http.ResponseWriter, req *http.Request) {
-	// the user can specify a url to redirect the back
-	redirectURL := req.URL.Query().Get("redirect")
+	// @check if the redirection is there
+	var redirectURL string
+	for k := range req.URL.Query() {
+		if k == "redirect" {
+			redirectURL = req.URL.Query().Get("redirect")
+			if redirectURL == "" {
+				// than we can default to redirection url
+				redirectURL = strings.TrimSuffix(r.config.RedirectionURL, "/oauth/callback")
+			}
+		}
+	}
 
-	// step: drop the access token
+	// @step: drop the access token
 	user, err := r.getIdentity(req)
 	if err != nil {
 		w.WriteHeader(http.StatusBadRequest)
@@ -317,10 +326,10 @@ func (r *oauthProxy) logoutHandler(w http.ResponseWriter, req *http.Request) {
 
 	// @check if we should redirect to the provider
 	if r.config.EnableLogoutRedirect {
-		redirectURL := fmt.Sprintf("%s/protocol/openid-connect/logout?redirect_uri=%s",
+		sendTo := fmt.Sprintf("%s/protocol/openid-connect/logout?redirect_uri=%s",
 			strings.TrimSuffix(r.config.DiscoveryURL, "/.well-known/openid-configuration"), redirectURL)
 
-		r.redirectToURL(redirectURL, w, req)
+		r.redirectToURL(sendTo, w, req)
 
 		return
 	}