Skip to content

Commit ce8539e

Browse files
cursoragentlovasoa
cursoragent
and
lovasoa
committed
Checkpoint before follow-up message
Co-authored-by: contact <[email protected]>
1 parent cfca0cf commit ce8539e

File tree

1 file changed

+24
-16
lines changed

1 file changed

+24
-16
lines changed

src/webserver/oidc.rs

Lines changed: 24 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -436,26 +436,34 @@ async fn process_oidc_logout(
436436

437437
let state_cookie = get_logout_state_cookie(request, &params.state)?;
438438
let LogoutState { redirect_uri } = parse_logout_state(&state_cookie)?;
439-
let redirect_uri = redirect_uri.to_string();
440439

441-
let id_token = request.cookie(SQLPAGE_AUTH_COOKIE_NAME);
440+
let id_token_cookie = request.cookie(SQLPAGE_AUTH_COOKIE_NAME);
441+
let id_token = id_token_cookie
442+
.as_ref()
443+
.map(|c| OidcToken::from_str(c.value()))
444+
.transpose()
445+
.ok()
446+
.flatten();
447+
448+
let mut response =
449+
if let Some(end_session_endpoint) = oidc_state.get_end_session_endpoint().await {
450+
let post_logout_redirect_uri = PostLogoutRedirectUrl::new(redirect_uri.to_string())
451+
.with_context(|| format!("Invalid post_logout_redirect_uri: {redirect_uri}"))?;
452+
453+
let mut logout_request = LogoutRequest::from(end_session_endpoint)
454+
.set_post_logout_redirect_uri(post_logout_redirect_uri);
442455

443-
let mut response = if let Some(end_session_endpoint) = oidc_state.get_end_session_endpoint().await
444-
{
445-
let mut logout_url = end_session_endpoint;
446-
{
447-
let mut query_pairs = logout_url.query_pairs_mut();
448-
query_pairs.append_pair("post_logout_redirect_uri", &redirect_uri);
449456
if let Some(ref token) = id_token {
450-
query_pairs.append_pair("id_token_hint", token.value());
457+
logout_request = logout_request.set_id_token_hint(token);
451458
}
452-
}
453-
log::info!("Redirecting to OIDC logout URL: {logout_url}");
454-
build_redirect_response(logout_url.to_string())
455-
} else {
456-
log::info!("No end_session_endpoint, redirecting to {redirect_uri}");
457-
build_redirect_response(redirect_uri)
458-
};
459+
460+
let logout_url = logout_request.http_get_url();
461+
log::info!("Redirecting to OIDC logout URL: {logout_url}");
462+
build_redirect_response(logout_url.to_string())
463+
} else {
464+
log::info!("No end_session_endpoint, redirecting to {redirect_uri}");
465+
build_redirect_response(redirect_uri.to_string())
466+
};
459467

460468
let auth_cookie = Cookie::build(SQLPAGE_AUTH_COOKIE_NAME, "")
461469
.secure(true)

0 commit comments

Comments
 (0)