auth: fully functional logout

scopes/tests/tlib_storage.py

@@ -126,7 +126,10 @@ def test_topic(self, config):
 def test_message(self, config):
     storage = config.storageFactory(config.dbschema)
     storage.dropTable('messages')
-    tracks = storage.create(message.Messages)
+    messages = storage.create(message.Messages)
+    m01 = message.Message('system', 'data', 'session', 'V1_317784226621611853')
+    m01.update(dict(userid='tst9'))
+    mid01 = messages.save(m01)
 
     storage.commit()
 

scopes/web/auth/oidc.py

@@ -155,10 +155,20 @@ class Authenticator(DummyFolder):
         req.response.redirect(self.reqUrl, trusted=True)
 
     def logout(self):
+        #sdata = self.loadSession()
+        #url = self.params['oidc_provider'] + 'v2/sessions/' + sdata['session_id']
+        # requests.delete(url, headers=auth)
+        logoutUrl = self.params['op_uris']['end_session_endpoint']
+        args = dict(
+                client_id=self.params['client_id'],
+                post_logout_redirect_uri=config.base_url,
+        )
+        logoutUrl = '?'.join((logoutUrl, urlencode(args)))
         cname = self.params['cookie_name']
-        logger.debug('logout, cookie: %s', cname)
+        logger.debug('logout, cookie: %s, url: %s', cname, logoutUrl)
         self.request.response.expireCookie(cname, path='/')
-        self.request.response.redirect(config.base_url, trusted=True)
+        self.request.response.redirect(logoutUrl, trusted=True)
+        #self.request.response.redirect(config.base_url, trusted=True)
 
     def storeSession(self, data):
         lifetime = int(self.params['cookie_lifetime'])