Ely 2534 OIDC logout support#2245
Conversation
…ck-channel logout
…an active session
…ing doesn't rely on an active session and ensure the session will get invalidated appropriately upon subsequent requests
…validation check to before the authenticator#authenticate call and update the check to not remove the session from the map to ensure that the user gets logged out from any other apps too
… the sessionsMarkedForInvalidation map
rsearls
force-pushed
the
ELY-2534-OIDC-logout-Farah-RLS-CHANGES-V2
branch
from
aef15f7 to
ebdeafe
Compare
|
@rsearls We discussed this a bit before but just wanted to add a comment here so we don't forget. The last commit in this PR is currently a bit hard to review because it contains a few changes that I had made in separate commits along with subsequent changes you made altogether in one commit. To make it a bit easier to review and understand the changes that were made, I have created a branch here that preserves the original commits we had and incorporates the changes from your branch: https://github.com/fjuma/wildfly-elytron/tree/updated-oidc-logout I have verified that the Elytron testsuite passes with this branch. I have submitted a PR against your branch (rsearls#2) so you could just click merge to get these changes included here or alternatively, you could check out my branch and then create a new PR based off that: https://github.com/fjuma/wildfly-elytron/tree/updated-oidc-logout Let me know if you have any questions about this. Thanks! |
Updated this branch to preserve some individual commits for better readability
| NO_QUERY_PARAMETER_ACCESS_TOKEN | ||
| NO_QUERY_PARAMETER_ACCESS_TOKEN, | ||
| NO_SESSION_ID, | ||
| METHOD_NOT_ALLOWED |
There was a problem hiding this comment.
I think NO_SESSION_ID and METHOD_NOT_ALLOWED can be removed, I don't see them being used.
| RuntimeException invalidAuthenticationRequestFormat(); | ||
|
|
||
| @Message(id = 23071, value = "%s is not a valid value for %s") | ||
| RuntimeException invalidLogoutPath(String pathValue, String pathName); |
There was a problem hiding this comment.
Might be good to mention the logout path is invalid, e.g., "Invalid logout output: %s is not a valid value for %s"
| RuntimeException invalidLogoutPath(String pathValue, String pathName); | ||
|
|
||
| @Message(id = 23072, value = "The end substring of %s: %s can not be identical to %s: %s") | ||
| RuntimeException invalidLogoutCallbackPath(String callbackPathTitle, String callbacPathkValue, |
There was a problem hiding this comment.
Same here, might be good to provide more details in the error message
| RuntimeException invalidLogoutPath(String pathValue, String pathName); | ||
|
|
||
| @Message(id = 23072, value = "The end substring of %s: %s can not be identical to %s: %s") | ||
| RuntimeException invalidLogoutCallbackPath(String callbackPathTitle, String callbacPathkValue, |
There was a problem hiding this comment.
s/callbacPathkValue/callbackPathValue
There was a problem hiding this comment.
Maybe s/logoutPathTitle/logoutPathName?
| private static final String POST_LOGOUT_REDIRECT_URI_PARAM = "post_logout_redirect_uri"; | ||
| private static final String ID_TOKEN_HINT_PARAM = "id_token_hint"; | ||
| public static final String POST_LOGOUT_REDIRECT_URI_PARAM = "post_logout_redirect_uri"; | ||
| public static final String ID_TOKEN_HINT_PARAM = "id_token_hint"; |
| private static final String ISS = "iss"; | ||
| private static final String CLIENT_ID_SID_SEPARATOR = "-"; | ||
| public static final String SID = "sid"; | ||
| public static final String ISS = "iss"; |
|
@rsearls Was just starting to provide some feedback on your commits but just noticed an additional commit (ebdeafe) seems to have popped up again that contains a mixture of your changes and my changes so it's a bit hard to see what has changed. I don't see that one in my branch here: https://github.com/fjuma/wildfly-elytron/commits/updated-oidc-logout/ |
|
This PR replaced by #2249 |
3 participants
https://issues.redhat.com/browse/ELY-2534