providers/proxy: correctly set id_token_hint if possible

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2022-12-12 19:02:37 +00:00
parent 107f2745c8
commit b3da1d223c

View file

@ -222,17 +222,24 @@ func (a *Application) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
} }
func (a *Application) handleSignOut(rw http.ResponseWriter, r *http.Request) { func (a *Application) handleSignOut(rw http.ResponseWriter, r *http.Request) {
//TODO: Token revocation redirect := a.endpoint.EndSessionEndpoint
s, err := a.sessions.Get(r, constants.SessionName) s, err := a.sessions.Get(r, constants.SessionName)
if err != nil { if err != nil {
http.Redirect(rw, r, a.endpoint.EndSessionEndpoint, http.StatusFound) http.Redirect(rw, r, redirect, http.StatusFound)
return return
} }
if c, exists := s.Values[constants.SessionClaims]; c == nil || !exists {
cc := c.(Claims)
uv := url.Values{
"id_token_hint": []string{cc.RawToken},
}
redirect += "?" + uv.Encode()
}
s.Options.MaxAge = -1 s.Options.MaxAge = -1
err = s.Save(r, rw) err = s.Save(r, rw)
if err != nil { if err != nil {
http.Redirect(rw, r, a.endpoint.EndSessionEndpoint, http.StatusFound) http.Redirect(rw, r, redirect, http.StatusFound)
return return
} }
http.Redirect(rw, r, a.endpoint.EndSessionEndpoint, http.StatusFound) http.Redirect(rw, r, redirect, http.StatusFound)
} }