Commit 3ad495f8 authored by Clément OUDOT's avatar Clément OUDOT

Call endsession point in authLogout (#183)

parent 328a2806
......@@ -36,7 +36,7 @@ sub setAuthSessionInfo {
$self->{sessionInfo}->{OpenIDConnect_OP} = $self->{_oidcOPCurrent};
$self->{sessionInfo}->{OpenIDConnect_access_token} =
$self->{tmp}->{access_token};
$self->{sessionInfo}->{OpenIDConnect_IDToken} = $self->{tmp}->{IDToken};
$self->{sessionInfo}->{OpenIDConnect_IDToken} = $self->{tmp}->{id_token};
PE_OK;
}
......@@ -180,7 +180,7 @@ sub extractFormInfo {
# Remember tokens
$self->{tmp}->{access_token} = $access_token;
$self->{tmp}->{id_token} = $id_token_payload_hash;
$self->{tmp}->{id_token} = $id_token;
$self->lmLog( "Found user_id: " . $user_id, 'debug' );
$self->{user} = $user_id;
......@@ -267,9 +267,33 @@ sub authFinish {
}
## @apmethod int authLogout()
# Does nothing
# Send request to endsession endpoint
# @return Lemonldap::NG::Portal constant
sub authLogout {
my $self = shift;
my $op = $self->{sessionInfo}->{OpenIDConnect_OP};
# Find endession endpoint
my $endsession_endpoint =
$self->{_oidcOPList}->{$op}->{conf}->{end_session_endpoint};
if ($endsession_endpoint) {
my $logout_url = $self->{portal} . "/?logout=1";
my $logout_request =
$self->buildLogoutRequest( $endsession_endpoint,
$self->{sessionInfo}->{OpenIDConnect_IDToken}, $logout_url );
$self->lmLog(
"OpenID Connect logout to $op will be done on $logout_request",
'debug' );
$self->{urldc} = $logout_request;
}
else {
$self->lmLog( "No end session endpoint found for $op", 'debug' );
}
PE_OK;
}
......
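Review bot: The debug message in authLogout writes `$logout_request` to the log, and that URL carries the complete ID token as `id_token_hint`, so anyone with access to debug logs obtains a signed token for the user. Logging the endpoint alone avoids this: `"OpenID Connect logout to $op will be done on $endsession_endpoint"`. `$op` is also used as a hash key unchecked, so a session without an `OpenIDConnect_OP` entry would autovivify an empty entry in `_oidcOPList` and emit undefined-value warnings if warnings are enabled; `return PE_OK unless defined $op;` right after reading it covers that case. No `state` is passed to buildLogoutRequest, so the portal cannot tie the `/?logout=1` return to a logout request it actually sent. The first two hunks appear to switch `OpenIDConnect_IDToken` from the decoded payload to the encoded token, so any reader of that session key that still expects a hash would need checking.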
......@@ -1296,6 +1296,38 @@ sub key2jwks {
return $hash;
}
## @method String buildLogoutRequest(String redirect_uri, String id_token_hint, String post_logout_redirect_uri, String state)
# Build Logout Request URI
# @param redirect_uri Redirect URI
# @param id_token_hint ID Token
# @param post_logout_redirect_uri Callback URI
# @param state State
# return String Logout URI
sub buildLogoutRequest {
my ( $self, $redirect_uri, $id_token_hint, $post_logout_redirect_uri,
$state )
= splice @_;
my $response_url = $redirect_uri;
if ($id_token_hint) {
$response_url .= ( $response_url =~ /\?/ ? '&' : '?' );
$response_url .= "id_token_hint=" . uri_escape($id_token_hint);
}
if ($post_logout_redirect_uri) {
$response_url .= ( $response_url =~ /\?/ ? '&' : '?' );
$response_url .=
"post_logout_redirect_uri=" . uri_escape($post_logout_redirect_uri);
}
if ($state) {
$response_url .= ( $response_url =~ /\?/ ? '&' : '?' );
$response_url .= "state=" . uri_escape($state);
}
return $response_url;
}
## @method String buildLogoutResponse(String redirect_uri, String state)
# Build Logout Response URI
......@@ -1464,6 +1496,10 @@ Return sub field of an ID Token
Return JWKS representation of a key
=head2 buildLogoutRequest
Build Logout Request URI
=head2 buildLogoutResponse
Build Logout Response URI
......
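Review bot: buildLogoutRequest tests its optional parameters for truthiness, so a `state` of `0` is silently dropped and the returning request could no longer be matched against it; `if ( defined $state and length $state )` keeps such a value, and the same applies to the other two checks. The unpacking `= splice @_;` empties `@_` for no visible reason, where `= @_;` is the conventional form. In the header comment, `# return String Logout URI` lacks the `@` used by the other tags. The first parameter is documented as "Redirect URI" although authLogout passes the end session endpoint, so `# @param redirect_uri End session endpoint URI` would describe it accurately.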