-
Notifications
You must be signed in to change notification settings - Fork 161
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixes #287 - Add LogoutEventListener #302
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Jayfrown
force-pushed
the
logout_listener
branch
from
February 5, 2022 17:14
8d16b56
to
7faacfb
Compare
Jayfrown
commented
Feb 5, 2022
Jayfrown
force-pushed
the
logout_listener
branch
from
February 5, 2022 17:24
7faacfb
to
963e886
Compare
@mbabker If you have the time, would you mind reviewing this PR? Maybe we can spot and fix some issues before @markitosgv has the time to take a look at it. |
mbabker
reviewed
Mar 22, 2022
mbabker
reviewed
Mar 22, 2022
mbabker
reviewed
Mar 22, 2022
Jayfrown
force-pushed
the
logout_listener
branch
from
March 23, 2022 14:08
702a029
to
332e2bf
Compare
mbabker
reviewed
Mar 23, 2022
Jayfrown
force-pushed
the
logout_listener
branch
from
March 23, 2022 16:04
332e2bf
to
a6779e4
Compare
mbabker
approved these changes
Mar 23, 2022
This commit introduces a `LogoutEventListener` which invalidates the given `refresh_token` and unsets the cookie, if enabled. If no refresh token is supplied, an error is returned and the cookie remains untouched. If the supplied refresh token is (already) invalid, the cookie is unset. Because the `LogoutEventListener` always sets a response, it would inhibit normal logout behavior and therefore should only run on a specifically configured firewall. Therefore a new configuration option is introduced, called `logout_firewall`, which contains the name of the firewall that triggers the logout event we want to hook into (default: `api`).
Jayfrown
force-pushed
the
logout_listener
branch
from
March 23, 2022 16:52
a6779e4
to
c154e28
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This commit introduces a
LogoutEventListener
which invalidates the givenrefresh_token
and unsets the cookie, if enabled.If no refresh token is supplied, an error is returned and the cookie remains untouched. If the supplied refresh token is (already) invalid, the cookie is unset.
Because the
LogoutEventListener
always sets a response, it would inhibit normal logout behavior and therefore should only run on a specifically configured firewall.Therefore a new configuration option is introduced, called
logout_firewall
, which contains the name of the firewall that triggers the logout event we want to hook into (default:api
).