Add ability to logout from OIDC (#6539)

* Add OIDC_LOGOUT_URI functionality * Add logout redirect to work on logout route * Fix lint * Fix lint * Fix lint * Fix lint * Return null if logout endpoint used * Update import
2024-02-16 16:35:38 +00:00
parent 2c9b01391f
commit bc84714670
7 changed files with 29 additions and 1 deletions
--- a/.env.sample
+++ b/.env.sample
@@ -103,6 +103,7 @@ OIDC_CLIENT_SECRET=
 OIDC_AUTH_URI=
 OIDC_TOKEN_URI=
 OIDC_USERINFO_URI=
+OIDC_LOGOUT_URI=

 # Specify which claims to derive user information from
 # Supports any valid JSON path with the JWT payload
--- a/app.json
+++ b/app.json
@@ -81,6 +81,10 @@
      "description": "",
      "required": false
    },
+    "OIDC_LOGOUT_URI": {
+      "description": "",
+      "required": false
+    },
    "OIDC_USERNAME_CLAIM": {
      "description": "Specify which claims to derive user information from. Supports any valid JSON path with the JWT payload",
      "value": "preferred_username",
--- a/app/actions/definitions/navigation.tsx
+++ b/app/actions/definitions/navigation.tsx
@@ -26,6 +26,7 @@ import SearchQuery from "~/models/SearchQuery";
 import KeyboardShortcuts from "~/scenes/KeyboardShortcuts";
 import { createAction } from "~/actions";
 import { NavigationSection, RecentSearchesSection } from "~/actions/sections";
+import env from "~/env";
 import Desktop from "~/utils/Desktop";
 import history from "~/utils/history";
 import isCloudHosted from "~/utils/isCloudHosted";
@@ -209,7 +210,12 @@ export const logout = createAction({
  analyticsName: "Log out",
  section: NavigationSection,
  icon: <LogoutIcon />,
-  perform: () => stores.auth.logout(),
+  perform: () => {
+    void stores.auth.logout();
+    if (env.OIDC_LOGOUT_URI) {
+      window.location.replace(env.OIDC_LOGOUT_URI);
+    }
+  },
 });

 export const rootNavigationActions = [
--- a/app/scenes/Logout.tsx
+++ b/app/scenes/Logout.tsx
@@ -1,10 +1,15 @@
 import * as React from "react";
 import { Redirect } from "react-router-dom";
+import env from "~/env";
 import useStores from "~/hooks/useStores";

 const Logout = () => {
  const { auth } = useStores();
  void auth.logout();
+  if (env.OIDC_LOGOUT_URI) {
+    window.location.replace(env.OIDC_LOGOUT_URI);
+    return null;
+  }
  return <Redirect to="/" />;
 };

--- a/server/env.ts
+++ b/server/env.ts
@@ -499,6 +499,16 @@ export class Environment {
    process.env.OIDC_USERINFO_URI
  );

+  /**
+   * The OIDC logout endpoint.
+   */
+  @IsOptional()
+  @IsUrl({
+    require_tld: false,
+    allow_underscores: true,
+  })
+  public OIDC_LOGOUT_URI = this.toOptionalString(process.env.OIDC_LOGOUT_URI);
+
  /**
   * The OIDC profile field to use as the username. The default value is
   * "preferred_username".
--- a/server/presenters/env.ts
+++ b/server/presenters/env.ts
@@ -33,6 +33,7 @@ export default function present(
      process.env.SOURCE_COMMIT || process.env.SOURCE_VERSION || undefined,
    APP_NAME: env.APP_NAME,
    ROOT_SHARE_ID: options.rootShareId || undefined,
+    OIDC_LOGOUT_URI: env.OIDC_LOGOUT_URI || undefined,

    analytics: {
      service: options.analytics?.service,
--- a/shared/types.ts
+++ b/shared/types.ts
@@ -61,6 +61,7 @@ export type PublicEnv = {
  RELEASE: string | undefined;
  APP_NAME: string;
  ROOT_SHARE_ID?: string;
+  OIDC_LOGOUT_URI?: string;
  analytics: {
    service?: IntegrationService | UserCreatableIntegrationService;
    settings?: IntegrationSettings<IntegrationType.Analytics>;