def do_post_logout_redirect(self, end_session_request):
    # type: (oic.oic.message.EndSessionRequest) -> oic.oic.message.EndSessionResponse
    """Build the post-logout redirect for an end-session request, if allowed.

    The redirect is only produced when all of the following hold:

    * the request carries a ``post_logout_redirect_uri``;
    * the request carries an ``id_token_hint`` from which a client id can be
      read (first entry of the token's ``aud`` claim);
    * the requested URI is listed in that client's
      ``post_logout_redirect_uris`` entry in ``self.clients``.

    In every other case ``None`` is returned, so the caller never redirects
    to a URI that was not registered for the client.

    :param end_session_request: the parsed end-session (logout) request
    :return: the result of ``EndSessionResponse.request(<uri>)`` with the
        request's ``state`` copied over when present, or ``None``
    """
    # NOTE(review): the type comment declares EndSessionResponse, but the
    # value handed back is whatever ``.request(...)`` returns - confirm and
    # align the declared return type.
    if 'post_logout_redirect_uri' not in end_session_request:
        return None

    if 'id_token_hint' in end_session_request:
        # The hint is parsed with the provider's own signing key.
        # NOTE(review): presumably from_jwt verifies the signature and
        # raises on a bad token - confirm against the library, since the
        # client id below is trusted on that basis.
        hint = IdToken().from_jwt(end_session_request['id_token_hint'],
                                  key=[self.signing_key])
        # Only the first audience is considered.
        client_id = hint['aud'][0]
    else:
        client_id = None

    # Without an identified client there is no allow-list to check against.
    if not client_id:
        return None

    requested_uri = end_session_request['post_logout_redirect_uri']
    # NOTE(review): an audience that is not a key of self.clients is not
    # handled here; with a plain mapping this lookup would raise KeyError.
    allowed_uris = self.clients[client_id].get('post_logout_redirect_uris', [])
    # Exact-match allow-list: the requested URI must be registered verbatim.
    if requested_uri not in allowed_uris:
        return None

    logout_response = EndSessionResponse()
    if 'state' in end_session_request:
        logout_response['state'] = end_session_request['state']
    return logout_response.request(requested_uri)
def __call__(self, request):
    """Answer an end-session request with a 302 redirect.

    The query string of ``request.url`` is handed to
    ``self.provider.parse_end_session_request``; the parsed ``state`` and
    ``redirect_url`` are then used to build the ``Location`` header.

    :param request: object exposing the requested URL as ``request.url``
    :return: a ``(302, headers, '')`` tuple whose headers contain ``Location``
    """
    query_string = urlparse(request.url).query
    parsed = self.provider.parse_end_session_request(query=query_string)
    logout_response = EndSessionResponse(state=parsed['state'])
    # NOTE(review): the redirect target comes straight from the parsed
    # request; any allow-list check has to happen inside
    # parse_end_session_request, which is not visible here - confirm.
    location = logout_response.request(parsed['redirect_url'])
    return (302, {'Location': location}, '')
def end_session_endpoint(self, query):
    """Handle an end-session request and redirect the user agent back.

    :param query: the query string of the end-session request
    :return: a ``Response`` with status 302, an empty body and a
        ``location`` header built from the parsed ``redirect_url`` and
        ``state``
    :raises Exception: whatever ``parse_end_session_request`` raises is
        propagated unchanged
    """
    # Parsing errors are deliberately not handled here; they reach the caller.
    parsed = self.parse_end_session_request(query=query)

    # redirect back
    # NOTE(review): the target is taken from the parsed request as-is; this
    # relies on parse_end_session_request having validated redirect_url
    # against the client's registered URIs - confirm.
    target = EndSessionResponse(state=parsed["state"]).request(
        parsed["redirect_url"])

    redirect = Response()
    redirect.headers = {"location": target}
    redirect.status_code = 302  # redirect
    redirect.text = ""
    return redirect
def test_post_logout_redirect(self):
    """A registered post-logout URI with a valid id_token_hint is accepted.

    Authorizes ``user1`` for ``client1`` to obtain an ID token, uses it as
    the ``id_token_hint`` of an end-session request, and checks that the
    provider returns the redirect built from the requested URI and state.
    """
    # NOTE(review): only the accepting path is exercised here; cases where
    # the URI is not registered for the client, or where id_token_hint is
    # missing, should be asserted to return None as well.
    post_logout_uri = 'https://client.example.com/post_logout'

    authorization_request = AuthorizationRequest(
        response_type='code id_token token',
        scope='openid',
        client_id='client1',
        redirect_uri='https://client.example.com/redirect')
    authorization_response = self.provider.authorize(
        authorization_request, 'user1')

    logout_request = EndSessionRequest(
        id_token_hint=authorization_response['id_token'],
        post_logout_redirect_uri=post_logout_uri,
        state='state')

    actual = self.provider.do_post_logout_redirect(logout_request)
    expected = EndSessionResponse(state='state').request(post_logout_uri)
    assert actual == expected