From bb21ec65e42fc0532ee357c76bb83d8055b3dfdd Mon Sep 17 00:00:00 2001
From: Dirk Louwers
Date: Tue, 22 Jan 2019 19:01:19 +0100
Subject: [PATCH 1/2] Added logout functionality through provider

---
 oidc.go | 35 ++++++++++++++++++++++++++++++-----
 1 file changed, 30 insertions(+), 5 deletions(-)

diff --git a/oidc.go b/oidc.go
index 15632bb7..e646d404 100644
--- a/oidc.go
+++ b/oidc.go
@@ -13,6 +13,7 @@ import (
 	"io/ioutil"
 	"mime"
 	"net/http"
+	"net/url"
 	"strings"
 	"time"
 
@@ -69,6 +70,7 @@ type Provider struct {
 	authURL     string
 	tokenURL    string
 	userInfoURL string
+	logoutURL   string
 
 	// Raw claims returned by the server.
 	rawClaims []byte
@@ -82,11 +84,12 @@ type cachedKeys struct {
 }
 
 type providerJSON struct {
-	Issuer      string `json:"issuer"`
-	AuthURL     string `json:"authorization_endpoint"`
-	TokenURL    string `json:"token_endpoint"`
-	JWKSURL     string `json:"jwks_uri"`
-	UserInfoURL string `json:"userinfo_endpoint"`
+	Issuer        string `json:"issuer"`
+	AuthURL       string `json:"authorization_endpoint"`
+	TokenURL      string `json:"token_endpoint"`
+	JWKSURL       string `json:"jwks_uri"`
+	UserInfoURL   string `json:"userinfo_endpoint"`
+	EndSessionURL string `json:"end_session_endpoint"`
 }
 
 // NewProvider uses the OpenID Connect discovery mechanism to construct a Provider.
@@ -128,6 +131,7 @@ func NewProvider(ctx context.Context, issuer string) (*Provider, error) {
 		authURL:      p.AuthURL,
 		tokenURL:     p.TokenURL,
 		userInfoURL:  p.UserInfoURL,
+		logoutURL:    p.EndSessionURL,
 		rawClaims:    body,
 		remoteKeySet: NewRemoteKeySet(ctx, p.JWKSURL),
 	}, nil
@@ -158,6 +162,27 @@ func (p *Provider) Endpoint() oauth2.Endpoint {
 	return oauth2.Endpoint{AuthURL: p.authURL, TokenURL: p.tokenURL}
 }
 
+// LogoutEndpoint returns the logout endpoints for the given provider.
+// See: https://openid.net/specs/openid-connect-session-1_0.html#RPLogout
+func (p *Provider) LogoutURL(idTokenHint string, redirectURL string, state string) string {
+	logoutURL, err := url.Parse(p.logoutURL)
+	if err != nil {
+		return ""
+	}
+	query := logoutURL.Query()
+	if idTokenHint != "" {
+		query.Set("id_token_hint", idTokenHint)
+	}
+	if redirectURL != "" {
+		query.Set("post_logout_redirect_uri", redirectURL)
+	}
+	if state != "" {
+		query.Set("state", state)
+	}
+	logoutURL.RawQuery = query.Encode()
+	return logoutURL.String()
+}
+
 // UserInfo represents the OpenID Connect userinfo claims.
 type UserInfo struct {
 	Subject string `json:"sub"`

From 3541c12c18ac3c31b788aef2ae1d9f56a9b9ade2 Mon Sep 17 00:00:00 2001
From: Dirk Louwers
Date: Tue, 22 Jan 2019 20:10:59 +0100
Subject: [PATCH 2/2] Fix for method documentation LogoutURL

---
 oidc.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/oidc.go b/oidc.go
index e646d404..9d7532ab 100644
--- a/oidc.go
+++ b/oidc.go
@@ -162,7 +162,7 @@ func (p *Provider) Endpoint() oauth2.Endpoint {
 	return oauth2.Endpoint{AuthURL: p.authURL, TokenURL: p.tokenURL}
 }
 
-// LogoutEndpoint returns the logout endpoints for the given provider.
+// LogoutURL returns the logout endpoints for the given provider.
 // See: https://openid.net/specs/openid-connect-session-1_0.html#RPLogout
 func (p *Provider) LogoutURL(idTokenHint string, redirectURL string, state string) string {
 	logoutURL, err := url.Parse(p.logoutURL)
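Review bot: `url.Parse(p.logoutURL)` in LogoutURL succeeds on an empty string, so when the discovery document carries no `end_session_endpoint` (the field is copied verbatim in the `@@ -128,6 +131,7 @@` hunk, with no check that it is an absolute URL) the method returns a bare query such as `?id_token_hint=...&state=...` rather than "", and a caller that presumably redirects the browser to the result would resolve that against its own URL instead of the OP's. Tighten the existing guard so the unsupported and malformed cases both yield the documented empty result: `if err != nil || logoutURL.Scheme == "" || logoutURL.Host == "" {` in place of `if err != nil {`. Returning an error instead of "" would let callers tell "no logout endpoint" from a misconfigured one, but that is an interface change for the author to weigh.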
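Review bot: The corrected doc comment still says "endpoints" (plural) for a method that returns one URL, and it documents neither the three parameters nor the empty-string return; suggest `// LogoutURL returns the provider's end_session_endpoint with the optional id_token_hint, post_logout_redirect_uri and state query parameters added, or "" when the endpoint cannot be parsed.` Since the method validates nothing, a second sentence noting that redirectURL must be a post-logout redirect URI registered with the OP and that state is an opaque value the OP echoes back for the caller to verify would spare users a trip to the linked spec. LogoutURL's body continues past the end of this hunk.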