
Commit 9bbc103

committed
added support for configurable post logout URLs
1 parent 690e0b6 commit 9bbc103


1 file changed

+6
-5
lines changed


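--- a/src/controllers/SecurityController.php
+++ b/src/controllers/SecurityController.php
@@ -15,6 +15,7 @@ class SecurityController extends \Da\User\Controller\SecurityController
 public string $keycloakAuthClientId = 'keycloak';
 public bool $overrideAuthRedirect = true;
 public bool $skipLogoutConfirmation = true;
+public string $postLogoutRedirectUrl;
 
 /**
 * @inheritdoc
@@ -42,7 +43,7 @@ public function actionLogout()
 
 // Check if user is logged in via keycloak by checking the access token type
 if ($client instanceof Keycloak && $client->getAccessToken() instanceof OAuthToken) {
-$logoutUrl = self::keycloakFrontChannelLogoutUrl($client, $this->skipLogoutConfirmation);
+$logoutUrl = $this->keycloakFrontChannelLogoutUrl($client, $this->skipLogoutConfirmation);
 if (!empty($logoutUrl) && Yii::$app->getUser()->logout()) {
 Yii::$app->response->redirect($logoutUrl)->send();
 $this->trigger(UserEvent::EVENT_AFTER_LOGOUT, $event);
@@ -72,7 +73,7 @@ public function actionLogout()
 * @param bool $skipLogoutConfirmation
 * @return string|null
 */
-protected static function keycloakFrontChannelLogoutUrl(Keycloak $client, bool $skipLogoutConfirmation = true): ?string
+protected function keycloakFrontChannelLogoutUrl(Keycloak $client, bool $skipLogoutConfirmation = true): ?string
 {
 $logoutUrl = null;
 // Check if logout confirmation is active or not
@@ -83,17 +84,17 @@ protected static function keycloakFrontChannelLogoutUrl(Keycloak $client, bool $
 $accessToken = $client->getAccessToken();
 // check if we have an ID token to trigger the logout with no confirmation
 if($accessToken?->getParam('id_token')) {
-$logoutUrl = $client->getConfigParam('end_session_endpoint') . '?id_token_hint=' . $accessToken->getParam('id_token') . '&post_logout_redirect_uri=' . Url::base(true);
+$logoutUrl = $client->getConfigParam('end_session_endpoint') . '?id_token_hint=' . $accessToken->getParam('id_token') . '&post_logout_redirect_uri=' . ($this->postLogoutRedirectUrl ?? Url::base(true));
 }
 // If there's no id token, logout the user with the default confirmation
 else {
-$logoutUrl = $client->getConfigParam('end_session_endpoint');
+$logoutUrl = $client->getConfigParam('end_session_endpoint') . '&post_logout_redirect_uri=' . ($this->postLogoutRedirectUrl ?? Url::base(true));
 }
 }
 } else {
 // If confirmation is enabled and front channel log out is active
 if ($client->getConfigParam('frontchannel_logout_supported', false)) {
-$logoutUrl = $client->getConfigParam('end_session_endpoint');
+$logoutUrl = $client->getConfigParam('end_session_endpoint') . '&post_logout_redirect_uri=' . ($this->postLogoutRedirectUrl ?? Url::base(true));
 }
 }
 return $logoutUrl;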
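Review bot: In the last hunk, the two branches without an ID token (new lines 91 and 97) append `'&post_logout_redirect_uri=' . …` directly to `end_session_endpoint`, so unless that endpoint already carries a query string the URL has no `?` and the parameter ends up in the path. None of the three call sites URL-encodes the value either, so a configured `postLogoutRedirectUrl` containing `&` or `#` would add unintended logout parameters or truncate the redirect target. Building the query with `http_build_query(['post_logout_redirect_uri' => $this->postLogoutRedirectUrl ?? Url::base(true)])` and joining it with `'?'` (adding `'id_token_hint' => $accessToken->getParam('id_token')` to the array in the first branch) addresses both. The property in the first hunk is declared `public string $postLogoutRedirectUrl;` with no default, so the `??` fallback only applies while it is uninitialised; `public ?string $postLogoutRedirectUrl = null;` states that intent explicitly. The body of `keycloakFrontChannelLogoutUrl` continues outside the visible hunks.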
