mirror of
https://github.com/pomerium/pomerium.git
synced 2025-06-05 12:23:03 +02:00
identity/provider: implement generic revoke method (#595)
Co-authored-by: Bobby DeSimone <bobbydesimone@gmail.com>
This commit is contained in:
Ogundele Olumide
GitHub
parent
45c706666c
commit
75f4dadad6
12 changed files with 141 additions and 133 deletions
|
|
@ -217,6 +217,9 @@ func (a *Authenticate) SignIn(w http.ResponseWriter, r *http.Request) error {
|
|||
// SignOut signs the user out and attempts to revoke the user's identity session
|
||||
// Handles both GET and POST.
|
||||
func (a *Authenticate) SignOut(w http.ResponseWriter, r *http.Request) error {
|
||||
// no matter what happens, we want to clear the local session store
|
||||
defer a.sessionStore.ClearSession(w, r)
|
||||
|
||||
jwt, err := sessions.FromContext(r.Context())
|
||||
if err != nil {
|
||||
return httputil.NewError(http.StatusBadRequest, err)
|
||||
|
|
@ -226,17 +229,28 @@ func (a *Authenticate) SignOut(w http.ResponseWriter, r *http.Request) error {
|
|||
return httputil.NewError(http.StatusBadRequest, err)
|
||||
}
|
||||
|
||||
a.sessionStore.ClearSession(w, r)
|
||||
redirectString := r.FormValue(urlutil.QueryRedirectURI)
|
||||
|
||||
// first, try to revoke the session if implemented
|
||||
err = a.provider.Revoke(r.Context(), s.AccessToken)
|
||||
if errors.Is(err, identity.ErrRevokeNotImplemented) {
|
||||
log.FromRequest(r).Warn().Err(err).Msg("authenticate: revoke not implemented")
|
||||
} else if err != nil {
|
||||
if err != nil && !errors.Is(err, identity.ErrRevokeNotImplemented) {
|
||||
return httputil.NewError(http.StatusBadRequest, err)
|
||||
}
|
||||
redirectURL, err := urlutil.ParseAndValidateURL(r.FormValue(urlutil.QueryRedirectURI))
|
||||
|
||||
// next, try to build a logout url if implemented
|
||||
endSessionURL, err := a.provider.LogOut()
|
||||
if err == nil {
|
||||
params := url.Values{}
|
||||
params.Add("post_logout_redirect_uri", redirectString)
|
||||
endSessionURL.RawQuery = params.Encode()
|
||||
redirectString = endSessionURL.String()
|
||||
} else if !errors.Is(err, identity.ErrSignoutNotImplemented) {
|
||||
return httputil.NewError(http.StatusBadRequest, err)
|
||||
}
|
||||
|
||||
redirectURL, err := urlutil.ParseAndValidateURL(redirectString)
|
||||
if err != nil {
|
||||
return httputil.NewError(http.StatusBadRequest, err)
|
||||
|
||||
}
|
||||
httputil.Redirect(w, r, redirectURL.String(), http.StatusFound)
|
||||
return nil
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue