[gateway] support POST method for the end_session_endpoint #6643

Closed
8 tasks
tcompiegne opened this issue Nov 27, 2021 · 0 comments

tcompiegne commented Nov 27, 2021

User story

As a certified OpenID Connect platform, OpenID Providers MUST support the use of the HTTP GET and POST methods at the Logout Endpoint. RPs MAY use the HTTP GET or POST methods to send the logout request to the OP. If using the HTTP GET method, the request parameters are serialized using URI Query String Serialization. If using the HTTP POST method, the request parameters are serialized using Form Serialization.

https://openid.net/specs/openid-connect-rpinitiated-1_0.html#RPLogout

Possible solution

Add a lastLogout date to the user profile. Check this date against the lastLogin date in the SSOSessionHandler.
This endpoint with POST method must require the use of the id_token_hint as a parameter (Browser cookies are not accessible at this stage).

How to test

  • Create a security domain
  • Create a user
  • Create a web application
  • Assign an identity provider
  • Sign in to your account
  • Call the LogoutEndpoint with a POST method
  • Try to get an access token again (/oauth/authorize)
  • The user should be asked to sign in to their account
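
The behaviour proposed in this issue, sketched as an added example (not the project's code): logout parameters are read from a GET query string or a POST form body, POST requires `id_token_hint`, and a `lastLogout` later than `lastLogin` invalidates the SSO session. `USERS`, `parse_logout_params`, `handle_logout`, `sso_session_valid` and the caller-supplied `verify_id_token` are hypothetical names; token signature validation is assumed to happen inside that verifier.

```python
from urllib.parse import parse_qs

FORM = "application/x-www-form-urlencoded"
# In-memory stand-in for the user profile store (assumption):
# sub -> {"lastLogin": datetime, "lastLogout": datetime or None}
USERS = {}


def parse_logout_params(method, query="", content_type="", body=b""):
    """Return logout parameters from a GET query string or a POST form body."""
    if method == "GET":
        raw = query  # URI Query String Serialization
    elif method == "POST":
        if content_type.split(";")[0].strip().lower() != FORM:
            raise ValueError("POST logout must use Form Serialization")
        raw = body.decode("utf-8")
    else:
        raise ValueError("only GET and POST are allowed")
    parsed = parse_qs(raw, keep_blank_values=True)
    # Reject duplicated parameters rather than silently picking one.
    if any(len(values) > 1 for values in parsed.values()):
        raise ValueError("duplicate parameter")
    return {name: values[0] for name, values in parsed.items()}


def handle_logout(method, verify_id_token, now, **request):
    """Record lastLogout for the subject named by id_token_hint; return sub or None."""
    params = parse_logout_params(method, **request)
    hint = params.get("id_token_hint")
    if not hint:
        if method == "POST":
            # No browser cookie at this stage: the hint is the only user identifier.
            raise ValueError("id_token_hint is required for POST")
        return None  # GET without a hint relies on the session cookie (not modelled)
    sub = verify_id_token(hint)["sub"]  # hypothetical verifier: must validate the token
    USERS[sub]["lastLogout"] = now
    return sub


def sso_session_valid(sub):
    """Check proposed for the SSO session handler: logout after last login ends the session."""
    user = USERS[sub]
    return user["lastLogout"] is None or user["lastLogout"] < user["lastLogin"]
```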