trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

providers/proxy: correctly set id_token_hint if possible 

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2022-12-12 19:02:37 +00:00
parent 107f2745c8
commit b3da1d223c
1 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
internal/outpost/proxyv2/application/application.go
View File

@ -222,17 +222,24 @@ func (a *Application) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
}
func (a *Application) handleSignOut(rw http.ResponseWriter, r *http.Request) {
//TODO: Token revocation
redirect := a.endpoint.EndSessionEndpoint
s, err := a.sessions.Get(r, constants.SessionName)
if err != nil {
http.Redirect(rw, r, a.endpoint.EndSessionEndpoint, http.StatusFound)
http.Redirect(rw, r, redirect, http.StatusFound)
return
}
if c, exists := s.Values[constants.SessionClaims]; c == nil || !exists {
cc := c.(Claims)
uv := url.Values{
"id_token_hint": []string{cc.RawToken},
}
redirect += "?" + uv.Encode()
}
s.Options.MaxAge = -1
err = s.Save(r, rw)
if err != nil {
http.Redirect(rw, r, a.endpoint.EndSessionEndpoint, http.StatusFound)
http.Redirect(rw, r, redirect, http.StatusFound)
return
}
http.Redirect(rw, r, a.endpoint.EndSessionEndpoint, http.StatusFound)
http.Redirect(rw, r, redirect, http.StatusFound)
}