Implements OIDC RP-Initiated Logout (#36724)
At logout time, if the user authenticated via OIDC, we look up the provider's `end_session_endpoint` (already discovered by Goth from the OIDC metadata) and redirect there with `client_id` and `post_logout_redirect_uri`. Non-OIDC OAuth2 providers (GitHub, GitLab, etc.) are unaffected — they fall back to local-only logout. Fix #14270 --------- Signed-off-by: Nikita Vakula <nikita.vakula@alpsalpine.com> Co-authored-by: Nikita Vakula <nikita.vakula@alpsalpine.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
This commit is contained in:
@@ -117,7 +117,7 @@ func RegisterTypeConfig(typ Type, exemplar Config) {
|
||||
type Source struct {
|
||||
ID int64 `xorm:"pk autoincr"`
|
||||
Type Type
|
||||
Name string `xorm:"UNIQUE"`
|
||||
Name string `xorm:"UNIQUE"` // it can be the OIDC's provider name, see services/auth/source/oauth2/source_register.go: RegisterSource
|
||||
IsActive bool `xorm:"INDEX NOT NULL DEFAULT false"`
|
||||
IsSyncEnabled bool `xorm:"INDEX NOT NULL DEFAULT false"`
|
||||
TwoFactorPolicy string `xorm:"two_factor_policy NOT NULL DEFAULT ''"`
|
||||
|
||||
Reference in New Issue
Block a user