
OIDC RP Logout: Added autodiscovery support and test cases

This commit is contained in:
Dan Brown
2023-12-06 16:41:50 +00:00
parent bba7dcce49
commit f32cfb4292
6 changed files with 112 additions and 26 deletions


@ -84,6 +84,7 @@ class OidcService
'redirectUri' => url('/oidc/callback'),
'authorizationEndpoint' => $config['authorization_endpoint'],
'tokenEndpoint' => $config['token_endpoint'],
'endSessionEndpoint' => $config['end_session_endpoint'],
]);
// Use keys if configured
@ -100,6 +101,11 @@ class OidcService
}
}
// Prevent use of RP-initiated logout if specifically disabled
if ($config['end_session_endpoint'] === false) {
$settings->endSessionEndpoint = null;
}
$settings->validate();
return $settings;
@ -291,20 +297,23 @@ class OidcService
* Start the RP-initiated logout flow if active, otherwise start a standard logout flow.
* Returns a post-app-logout redirect URL.
* Reference: https://openid.net/specs/openid-connect-rpinitiated-1_0.html
* @throws OidcException
*/
public function logout(): string
{
$endSessionEndpoint = $this->config()["end_session_endpoint"];
// TODO - Add autodiscovery and false/null config value support.
$oidcToken = session()->pull("oidc_id_token");
$defaultLogoutUrl = url($this->loginService->logout());
$oidcSettings = $this->getProviderSettings();
if (!$oidcSettings->endSessionEndpoint) {
return $defaultLogoutUrl;
}
$endpointParams = [
'id_token_hint' => $oidcToken,
'post_logout_redirect_uri' => $defaultLogoutUrl,
];
return $endSessionEndpoint . '?' . http_build_query($endpointParams);
return $oidcSettings->endSessionEndpoint . '?' . http_build_query($endpointParams);
}
}
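Review bot: The redirect built on the final return of logout() appends `'?'` unconditionally, so an end_session_endpoint that already carries a query string (now possible since the value can arrive via autodiscovery rather than only local config) would produce a malformed URL with two `?` characters. Choosing the separator first avoids this: `$separator = str_contains($oidcSettings->endSessionEndpoint, '?') ? '&' : '?';` followed by `return $oidcSettings->endSessionEndpoint . $separator . http_build_query($endpointParams);`. Separately, `session()->pull("oidc_id_token")` can return null when no token was stored, and http_build_query then silently drops id_token_hint; a short comment such as `// id_token_hint is omitted when no ID token was stored for this session` would make that behaviour deliberate rather than accidental. The hunk's stated line counts exceed the lines shown here, so some blank lines in the method body appear to have been dropped by the rendering.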