contrib: logout redirection to CERN auth #226
Conversation
| @cern_oauth_blueprint.route('/cern_openid/logout/') | ||
| def logout_redirect(): | ||
| """Redirect to the CERN OpenID logout.""" | ||
| return redirect(current_app.config['OAUTH_REMOTE_REST_APP']['logout_url']) |
There was a problem hiding this comment.
What is the code that will return?
| return redirect(current_app.config['OAUTH_REMOTE_REST_APP']['logout_url']) | |
| return redirect(current_app.config['OAUTH_REMOTE_REST_APP']['logout_url'], code=302) |
There was a problem hiding this comment.
I think is the case already when you return the redirect :)
There was a problem hiding this comment.
@topless Actually, you might be right 😅
There was a problem hiding this comment.
It is 302 by default... but yeah better safe than sorry :)
| @@ -90,20 +94,24 @@ | |||
| OAUTHCLIENT_CERN_OPENID_ALLOWED_ROLES = ["cern_user"] | |||
| """CERN OAuth application role values that are allowed to be used.""" | |||
|
|
|||
| _ACCOUNTS_REST_AUTH_VIEWS.update( | |||
| logout="invenio_oauthclient.contrib.cern_openid:CERNOpenIDLogoutView") | |||
| ACCOUNTS_REST_AUTH_VIEWS = _ACCOUNTS_REST_AUTH_VIEWS | |||
There was a problem hiding this comment.
Can we just skip the whole _ACCOUNTS_REST_AUTH_VIEWS? I think it is just an alias, so we could just
from invenio_accounts.config import ACCOUNTS_REST_AUTH_VIEWS
ACCOUNTS_REST_AUTH_VIEWS.update(
logout="invenio_oauthclient.contrib.cern_openid:CERNOpenIDLogoutView")
There was a problem hiding this comment.
I had problems with updating the config variables in this way in the past, they were not overwritten correctly
There was a problem hiding this comment.
There might be a problem here: it looks like that ACCOUNTS_REST_AUTH_VIEWS is global. So if you have configured multiple login method, e.g. local accounts, GitHub and CERN, they will all use this class.
@zzacharo can you maybe give your advice?
No idea how to solve it at the moment...
There was a problem hiding this comment.
Why don't you decouple this behaviour in the UI. For example:
- SPA logout from accounts
- SPA logout from OAuth
| @cern_oauth_blueprint.route('/cern_openid/logout/') | ||
| def logout_redirect(): | ||
| """Redirect to the CERN OpenID logout.""" | ||
| return redirect(current_app.config['OAUTH_REMOTE_REST_APP']['logout_url']) |
There was a problem hiding this comment.
@kprzerwa So, after the redirect to the logout page of OAuth, are you staying on that page, i.e not returning back to the SPA?
No description provided.