From 2f8749314469ff1ba842e5f07b57e7f587c3a0d5 Mon Sep 17 00:00:00 2001 From: Helmut Merz Date: Wed, 14 May 2025 09:03:15 +0200 Subject: [PATCH] auth: fully functional logout --- scopes/web/auth/oidc.py | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/scopes/web/auth/oidc.py b/scopes/web/auth/oidc.py index 03fee41..516afd0 100644 --- a/scopes/web/auth/oidc.py +++ b/scopes/web/auth/oidc.py @@ -155,10 +155,20 @@ class Authenticator(DummyFolder): req.response.redirect(self.reqUrl, trusted=True) def logout(self): + #sdata = self.loadSession() + #url = self.params['oidc_provider'] + 'v2/sessions/' + sdata['session_id'] + # requests.delete(url, headers=auth) + logoutUrl = self.params['op_uris']['end_session_endpoint'] + args = dict( + client_id=self.params['client_id'], + post_logout_redirect_uri=config.base_url, + ) + logoutUrl = '?'.join((logoutUrl, urlencode(args))) cname = self.params['cookie_name'] - logger.debug('logout, cookie: %s', cname) + logger.debug('logout, cookie: %s, url: %s', cname, logoutUrl) self.request.response.expireCookie(cname, path='/') - self.request.response.redirect(config.base_url, trusted=True) + self.request.response.redirect(logoutUrl, trusted=True) + #self.request.response.redirect(config.base_url, trusted=True) def storeSession(self, data): lifetime = int(self.params['cookie_lifetime'])