Call endsession point in authLogout (#183)
parent
328a280601
commit
3ad495f824
|
@ -36,7 +36,7 @@ sub setAuthSessionInfo {
|
||||||
$self->{sessionInfo}->{OpenIDConnect_OP} = $self->{_oidcOPCurrent};
|
$self->{sessionInfo}->{OpenIDConnect_OP} = $self->{_oidcOPCurrent};
|
||||||
$self->{sessionInfo}->{OpenIDConnect_access_token} =
|
$self->{sessionInfo}->{OpenIDConnect_access_token} =
|
||||||
$self->{tmp}->{access_token};
|
$self->{tmp}->{access_token};
|
||||||
$self->{sessionInfo}->{OpenIDConnect_IDToken} = $self->{tmp}->{IDToken};
|
$self->{sessionInfo}->{OpenIDConnect_IDToken} = $self->{tmp}->{id_token};
|
||||||
|
|
||||||
PE_OK;
|
PE_OK;
|
||||||
}
|
}
|
||||||
|
@ -180,7 +180,7 @@ sub extractFormInfo {
|
||||||
|
|
||||||
# Remember tokens
|
# Remember tokens
|
||||||
$self->{tmp}->{access_token} = $access_token;
|
$self->{tmp}->{access_token} = $access_token;
|
||||||
$self->{tmp}->{id_token} = $id_token_payload_hash;
|
$self->{tmp}->{id_token} = $id_token;
|
||||||
|
|
||||||
$self->lmLog( "Found user_id: " . $user_id, 'debug' );
|
$self->lmLog( "Found user_id: " . $user_id, 'debug' );
|
||||||
$self->{user} = $user_id;
|
$self->{user} = $user_id;
|
||||||
|
@ -267,9 +267,33 @@ sub authFinish {
|
||||||
}
|
}
|
||||||
|
|
||||||
## @apmethod int authLogout()
|
## @apmethod int authLogout()
|
||||||
# Does nothing
|
# Send request to endsession endpoint
|
||||||
# @return Lemonldap::NG::Portal constant
|
# @return Lemonldap::NG::Portal constant
|
||||||
sub authLogout {
|
sub authLogout {
|
||||||
|
my $self = shift;
|
||||||
|
|
||||||
|
my $op = $self->{sessionInfo}->{OpenIDConnect_OP};
|
||||||
|
|
||||||
|
# Find endession endpoint
|
||||||
|
my $endsession_endpoint =
|
||||||
|
$self->{_oidcOPList}->{$op}->{conf}->{end_session_endpoint};
|
||||||
|
|
||||||
|
if ($endsession_endpoint) {
|
||||||
|
my $logout_url = $self->{portal} . "/?logout=1";
|
||||||
|
my $logout_request =
|
||||||
|
$self->buildLogoutRequest( $endsession_endpoint,
|
||||||
|
$self->{sessionInfo}->{OpenIDConnect_IDToken}, $logout_url );
|
||||||
|
|
||||||
|
$self->lmLog(
|
||||||
|
"OpenID Connect logout to $op will be done on $logout_request",
|
||||||
|
'debug' );
|
||||||
|
|
||||||
|
$self->{urldc} = $logout_request;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$self->lmLog( "No end session endpoint found for $op", 'debug' );
|
||||||
|
}
|
||||||
|
|
||||||
PE_OK;
|
PE_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
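Review bot: The debug message added in authLogout logs `$logout_request`, which by then contains the raw ID token as the `id_token_hint` query parameter, so the token is written to the debug log on every logout where an end-session endpoint is configured. The token is the raw one because setAuthSessionInfo and extractFormInfo now store `$id_token` in the session instead of the decoded payload. Logging the endpoint alone keeps the trace useful without the token: `"OpenID Connect logout to $op will be done on $endsession_endpoint"`. Separately, `$op` is used as a hash key in `$self->{_oidcOPList}->{$op}` with no defined check; if a session can reach this method without `OpenIDConnect_OP` set (not visible from this hunk), an early `return PE_OK unless $op;` before the lookup would avoid the undefined-key warning and autovivification.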
|
@ -1296,6 +1296,38 @@ sub key2jwks {
|
||||||
|
|
||||||
return $hash;
|
return $hash;
|
||||||
}
|
}
|
||||||
|
## @method String buildLogoutRequest(String redirect_uri, String id_token_hint, String post_logout_redirect_uri, String state)
|
||||||
|
# Build Logout Request URI
|
||||||
|
# @param redirect_uri Redirect URI
|
||||||
|
# @param id_token_hint ID Token
|
||||||
|
# @param post_logout_redirect_uri Callback URI
|
||||||
|
# @param state State
|
||||||
|
# return String Logout URI
|
||||||
|
sub buildLogoutRequest {
|
||||||
|
my ( $self, $redirect_uri, $id_token_hint, $post_logout_redirect_uri,
|
||||||
|
$state )
|
||||||
|
= splice @_;
|
||||||
|
|
||||||
|
my $response_url = $redirect_uri;
|
||||||
|
|
||||||
|
if ($id_token_hint) {
|
||||||
|
$response_url .= ( $response_url =~ /\?/ ? '&' : '?' );
|
||||||
|
$response_url .= "id_token_hint=" . uri_escape($id_token_hint);
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($post_logout_redirect_uri) {
|
||||||
|
$response_url .= ( $response_url =~ /\?/ ? '&' : '?' );
|
||||||
|
$response_url .=
|
||||||
|
"post_logout_redirect_uri=" . uri_escape($post_logout_redirect_uri);
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($state) {
|
||||||
|
$response_url .= ( $response_url =~ /\?/ ? '&' : '?' );
|
||||||
|
$response_url .= "state=" . uri_escape($state);
|
||||||
|
}
|
||||||
|
|
||||||
|
return $response_url;
|
||||||
|
}
|
||||||
|
|
||||||
## @method String buildLogoutResponse(String redirect_uri, String state)
|
## @method String buildLogoutResponse(String redirect_uri, String state)
|
||||||
# Build Logout Response URI
|
# Build Logout Response URI
|
||||||
|
@ -1464,6 +1496,10 @@ Return sub field of an ID Token
|
||||||
|
|
||||||
Return JWKS representation of a key
|
Return JWKS representation of a key
|
||||||
|
|
||||||
|
=head2 buildLogoutRequest
|
||||||
|
|
||||||
|
Build Logout Request URI
|
||||||
|
|
||||||
=head2 buildLogoutResponse
|
=head2 buildLogoutResponse
|
||||||
|
|
||||||
Build Logout Response URI
|
Build Logout Response URI
|
||||||
|
|
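Review bot: The header comment on buildLogoutRequest has a malformed return tag and a misleading first parameter. `# return String Logout URI` lacks the `@`, so it should read `# @return String Logout URI` like the other method headers on this page. The first parameter is documented as `redirect_uri` / "Redirect URI", but the caller in authLogout passes the OP's `end_session_endpoint`, so `# @param redirect_uri End session endpoint of the OP` would describe it better. It is also worth a comment that each optional argument is skipped when false, so a `state` of `"0"` would be dropped by `if ($state)`; `if ( defined $state and length $state )` makes that explicit if such values should be sent.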