Call endsession point in authLogout (#183)
parent
328a280601
commit
3ad495f824
|
@ -36,7 +36,7 @@ sub setAuthSessionInfo {
|
|||
$self->{sessionInfo}->{OpenIDConnect_OP} = $self->{_oidcOPCurrent};
|
||||
$self->{sessionInfo}->{OpenIDConnect_access_token} =
|
||||
$self->{tmp}->{access_token};
|
||||
$self->{sessionInfo}->{OpenIDConnect_IDToken} = $self->{tmp}->{IDToken};
|
||||
$self->{sessionInfo}->{OpenIDConnect_IDToken} = $self->{tmp}->{id_token};
|
||||
|
||||
PE_OK;
|
||||
}
|
||||
|
@ -180,7 +180,7 @@ sub extractFormInfo {
|
|||
|
||||
# Remember tokens
|
||||
$self->{tmp}->{access_token} = $access_token;
|
||||
$self->{tmp}->{id_token} = $id_token_payload_hash;
|
||||
$self->{tmp}->{id_token} = $id_token;
|
||||
|
||||
$self->lmLog( "Found user_id: " . $user_id, 'debug' );
|
||||
$self->{user} = $user_id;
|
||||
|
@ -267,9 +267,33 @@ sub authFinish {
|
|||
}
|
||||
|
||||
## @apmethod int authLogout()
|
||||
# Does nothing
|
||||
# Send request to endsession endpoint
|
||||
# @return Lemonldap::NG::Portal constant
|
||||
sub authLogout {
|
||||
my $self = shift;
|
||||
|
||||
my $op = $self->{sessionInfo}->{OpenIDConnect_OP};
|
||||
|
||||
# Find endession endpoint
|
||||
my $endsession_endpoint =
|
||||
$self->{_oidcOPList}->{$op}->{conf}->{end_session_endpoint};
|
||||
|
||||
if ($endsession_endpoint) {
|
||||
my $logout_url = $self->{portal} . "/?logout=1";
|
||||
my $logout_request =
|
||||
$self->buildLogoutRequest( $endsession_endpoint,
|
||||
$self->{sessionInfo}->{OpenIDConnect_IDToken}, $logout_url );
|
||||
|
||||
$self->lmLog(
|
||||
"OpenID Connect logout to $op will be done on $logout_request",
|
||||
'debug' );
|
||||
|
||||
$self->{urldc} = $logout_request;
|
||||
}
|
||||
else {
|
||||
$self->lmLog( "No end session endpoint found for $op", 'debug' );
|
||||
}
|
||||
|
||||
PE_OK;
|
||||
}
|
||||
|
||||
|
|
|
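Review bot: The debug message in authLogout interpolates `$logout_request`, which carries the `id_token_hint` query parameter, so the raw ID token kept in `OpenIDConnect_IDToken` is written to the log whenever debug logging is enabled. Logging the endpoint alone keeps the token out of log files: `"OpenID Connect logout to $op will be done on $endsession_endpoint",`. Separately, `$op` is read from the session without a check; if a session has no `OpenIDConnect_OP` (presumably possible when it was not opened through this module), `$self->{_oidcOPList}->{$op}` is looked up with an undefined key and autovivifies an entry. A guard such as `return PE_OK unless defined $op;` before the lookup would avoid that.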
@ -1296,6 +1296,38 @@ sub key2jwks {
|
|||
|
||||
return $hash;
|
||||
}
|
||||
## @method String buildLogoutRequest(String redirect_uri, String id_token_hint, String post_logout_redirect_uri, String state)
|
||||
# Build Logout Request URI
|
||||
# @param redirect_uri Redirect URI
|
||||
# @param id_token_hint ID Token
|
||||
# @param post_logout_redirect_uri Callback URI
|
||||
# @param state State
|
||||
# return String Logout URI
|
||||
sub buildLogoutRequest {
|
||||
my ( $self, $redirect_uri, $id_token_hint, $post_logout_redirect_uri,
|
||||
$state )
|
||||
= splice @_;
|
||||
|
||||
my $response_url = $redirect_uri;
|
||||
|
||||
if ($id_token_hint) {
|
||||
$response_url .= ( $response_url =~ /\?/ ? '&' : '?' );
|
||||
$response_url .= "id_token_hint=" . uri_escape($id_token_hint);
|
||||
}
|
||||
|
||||
if ($post_logout_redirect_uri) {
|
||||
$response_url .= ( $response_url =~ /\?/ ? '&' : '?' );
|
||||
$response_url .=
|
||||
"post_logout_redirect_uri=" . uri_escape($post_logout_redirect_uri);
|
||||
}
|
||||
|
||||
if ($state) {
|
||||
$response_url .= ( $response_url =~ /\?/ ? '&' : '?' );
|
||||
$response_url .= "state=" . uri_escape($state);
|
||||
}
|
||||
|
||||
return $response_url;
|
||||
}
|
||||
|
||||
## @method String buildLogoutResponse(String redirect_uri, String state)
|
||||
# Build Logout Response URI
|
||||
|
@ -1464,6 +1496,10 @@ Return sub field of an ID Token
|
|||
|
||||
Return JWKS representation of a key
|
||||
|
||||
=head2 buildLogoutRequest
|
||||
|
||||
Build Logout Request URI
|
||||
|
||||
=head2 buildLogoutResponse
|
||||
|
||||
Build Logout Response URI
|
||||
|
|
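Review bot: The header comment of buildLogoutRequest describes the first parameter as `redirect_uri` / "Redirect URI", but the authLogout call shown on this page passes the OP's `end_session_endpoint` in that position, and the last comment line reads `# return` without the `@` that the `@param` lines use. I would write `# @param redirect_uri End session endpoint of the OP` and `# @return String Logout URI`. As a matter of style, the separator line `$response_url .= ( $response_url =~ /\?/ ? '&' : '?' );` appears three times; collecting the parameters that are set into a list and joining them once with `&` would remove the repetition.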