Implements OIDC RP-Initiated Logout (#36724)
At logout time, if the user authenticated via OIDC, we look up the provider's `end_session_endpoint` (already discovered by Goth from the OIDC metadata) and redirect there with `client_id` and `post_logout_redirect_uri`. Non-OIDC OAuth2 providers (GitHub, GitLab, etc.) are unaffected — they fall back to local-only logout. Fix #14270 --------- Signed-off-by: Nikita Vakula <nikita.vakula@alpsalpine.com> Co-authored-by: Nikita Vakula <nikita.vakula@alpsalpine.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
This commit is contained in:
+1
-1
@@ -691,7 +691,7 @@ func registerWebRoutes(m *web.Router) {
|
||||
m.Post("/recover_account", auth.ResetPasswdPost)
|
||||
m.Get("/forgot_password", auth.ForgotPasswd)
|
||||
m.Post("/forgot_password", auth.ForgotPasswdPost)
|
||||
m.Post("/logout", auth.SignOut)
|
||||
m.Get("/logout", auth.SignOut)
|
||||
m.Get("/stopwatches", reqSignIn, user.GetStopwatches)
|
||||
m.Get("/search_candidates", optExploreSignIn, user.SearchCandidates)
|
||||
m.Group("/oauth2", func() {
|
||||
|
||||
Reference in New Issue
Block a user