Authn: Handle logout logic in auth broker #79635

Merged
merged 9 commits into from
Dec 19, 2023

kalleep
Contributor

@kalleep kalleep commented Dec 18, 2023

What is this feature?
The logout handler previously had a bunch of provider-specific logic when performing logout. This part was a bit messy and hard to follow.

I instead added logout functionality to authn.Service. The service itself performs all shared logic, revoking the session token and generating the default redirect URL.

Some clients (OAuth and SAML) can be configured with additional logic that should happen. To support this I added an extension interface that clients can implement, authn.LogoutClient. If a client implements this interface it will be called for users that have authenticated with it.

For now it is only implemented for OAuth clients. For these we remove access, refresh and ID tokens and, if configured, create a new redirect URL with support for OIDC RP-initiated logout.

The plan is to also fix the enterprise SAML client to implement this interface and remove the TODO added here.

Which issue(s) does this PR fix?:

Fixes https://github.com/grafana/identity-access-team/issues/496

Special notes for your reviewer:

Please check that:

  • It works as expected from a user's perspective.
  • If this is a pre-GA feature, it is behind a feature toggle.
  • The docs are updated, and if this is a notable improvement, it's added to our What's New doc.
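
The optional-interface design from the PR description above, as an added Go sketch that is not code from this PR or from Grafana: the service always revokes the session, then asks the client for a redirect only if that client implements the extension. `LogoutClient` is named on the page; its method signature, the `Service` fields, the `/login` default and the example URLs are assumptions, and token removal is left out to keep the redirect decision in focus.

```go
package main

import (
	"fmt"
	"net/url"
)

type Redirect struct{ URL string }
type Client interface{ Name() string }

// LogoutClient is the optional extension; this method signature is assumed.
type LogoutClient interface {
	Client
	Logout(idToken string) (*Redirect, bool)
}

type Service struct {
	clients map[string]Client
	revoked map[string]bool // session token -> revoked
}

// Logout does the shared work, then defers to the client if it opts in.
func (s *Service) Logout(sessionToken, module, idToken string) *Redirect {
	s.revoked[sessionToken] = true // always revoke, whatever the provider does
	if c, ok := s.clients[module].(LogoutClient); ok {
		if r, ok := c.Logout(idToken); ok {
			return r
		}
	}
	return &Redirect{URL: "/login"} // default redirect (constructed value)
}

type oauthClient struct{ signoutURL, postLogoutURL string }

func (oauthClient) Name() string { return "oauth" }
func (o oauthClient) Logout(idToken string) (*Redirect, bool) {
	u, err := url.Parse(o.signoutURL)
	if o.signoutURL == "" || err != nil {
		return nil, false // not configured: keep the service default
	}
	q := u.Query()
	q.Set("id_token_hint", idToken) // OIDC RP-initiated logout parameters
	q.Set("post_logout_redirect_uri", o.postLogoutURL)
	u.RawQuery = q.Encode()
	return &Redirect{URL: u.String()}, true
}

func main() {
	c := oauthClient{"https://idp.example/logout", "https://app.example/login"}
	s := &Service{map[string]Client{"oauth": c}, map[string]bool{}}
	fmt.Println(s.Logout("sess-1", "oauth", "constructed.id.token").URL)
}
```

Because revocation happens before the type assertion, a client with no logout URL configured, or one that does not implement the extension at all, still ends the local session and falls back to the default redirect.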

@kalleep kalleep added no-backport Skip backport of PR no-changelog Skip including change in changelog/release notes labels Dec 18, 2023
@kalleep kalleep added this to the 10.3.x milestone Dec 18, 2023
@kalleep kalleep self-assigned this Dec 18, 2023
@kalleep kalleep requested review from a team as code owners December 18, 2023 11:58
@kalleep kalleep requested review from papagian, zserge and idafurjes and removed request for a team December 18, 2023 11:58
@kalleep kalleep changed the title Authn/logout Authn: Handle logout logic in auth broker Dec 18, 2023
@kalleep kalleep requested review from Jguer and gamab December 18, 2023 11:58
Contributor

@gamab gamab left a comment


This is truly amazing! Very nice and clean refactor.
I just want to give it a quick test before a final approval.

pkg/services/authn/authntest/fake.go (resolved)
pkg/services/authn/authn.go (outdated, resolved)
pkg/services/authn/authn.go (outdated, resolved)
pkg/services/authn/clients/oauth.go (resolved)
pkg/services/authn/clients/oauth_test.go (outdated, resolved)
pkg/services/authn/authnimpl/service.go (resolved)
kalleep and others added 3 commits December 19, 2023 09:17
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Contributor

@gamab gamab left a comment


Tested with AzureAD OIDC Logout, SAML logout, Generic OAuthLogout (with no logout url). Everything worked fine :)

Labels
area/backend no-backport Skip backport of PR no-changelog Skip including change in changelog/release notes

3 participants