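def _logout(self):
    """Clear the local user session and, if possible, start logout at the provider.

    Returns:
        A 303 redirect to the provider's end-session endpoint when the client
        for the session's current provider has one configured, otherwise
        ``None``. ``None`` is also returned, with nothing else done, when
        ``UserSession`` raises ``UninitialisedSession``.
    """
    logger.debug('user logout')
    try:
        session = UserSession(flask.session)
    except UninitialisedSession:
        logger.info('user was already logged out, doing nothing')
        return None

    # Read what the end-session request needs before the session is wiped.
    id_token_jwt = session.id_token_jwt
    client = self.clients[session.current_provider]
    session.clear()

    if not client.provider_end_session_endpoint:
        return None

    # Stored after clear() so it survives the wipe; presumably compared with
    # the `state` the provider echoes back -- verify against the caller.
    flask.session['end_session_state'] = rndstr()
    end_session_request = EndSessionRequest(
        id_token_hint=id_token_jwt,
        post_logout_redirect_uri=self._get_post_logout_redirect_uri(client),
        state=flask.session['end_session_state'])
    # The serialised request contains the ID token (id_token_hint) and the
    # state value, so only the destination is written to the log.
    logger.debug('send endsession request to %s',
                 client.provider_end_session_endpoint)
    return redirect(
        end_session_request.request(client.provider_end_session_endpoint),
        303)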
def __call__(self):
    """Expire the local auth cookies and redirect to the provider's end-session endpoint.

    The redirect is issued on ``self.request.response``; nothing is returned.
    """
    oauth_client = self.context.get_oauth2_client()
    # Background on the logout parameters:
    # https://github.com/keycloak/keycloak-documentation/blob/master/securing_apps/topics/oidc/java/logout.adoc
    # NOTE(review): no `state` and no `id_token_hint` are sent, and the return
    # URL is passed as `redirect_uri` rather than `post_logout_redirect_uri`
    # -- confirm the provider accepts this and that the missing `state`
    # check on return is intended.
    # TODO: store an 'end_session_state' value in the session and send it as 'state'.
    end_session_req = EndSessionRequest(
        redirect_uri=api.portal.get().absolute_url(),
    )
    acl_users = getToolByName(self.context, "acl_users")
    cookie_name = acl_users.credentials_cookie_auth.cookie_name
    target = end_session_req.request(oauth_client.end_session_endpoint)

    response = self.request.response
    response.setHeader("Cache-Control", "no-cache, must-revalidate")
    # TODO: change path with portal_path
    for name in (cookie_name, "auth_token"):
        response.expireCookie(name, path="/")
    response.redirect(target)
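def _logout(self):
    """Clear the Flask session and, if possible, start logout at the provider.

    Returns:
        A 303 redirect to the provider's ``end_session_endpoint`` when the
        provider info contains one and the session held an ID token,
        otherwise ``None``.
    """
    # .get() instead of indexing: a logout request arriving without an
    # authenticated session must not fail with KeyError.
    id_token_jwt = flask.session.get('id_token_jwt')
    flask.session.clear()
    if id_token_jwt is None:
        # No ID token to hint with; the local session is already cleared.
        return None

    if 'end_session_endpoint' not in self.client.provider_info:
        return None

    # Stored after clear() so it survives the wipe; presumably compared with
    # the `state` the provider echoes back -- verify against the caller.
    flask.session['end_session_state'] = rndstr()
    end_session_request = EndSessionRequest(
        id_token_hint=id_token_jwt,
        post_logout_redirect_uri=self.client_registration_info['post_logout_redirect_uris'][0],
        state=flask.session['end_session_state'])
    return redirect(
        end_session_request.request(self.client.provider_info['end_session_endpoint']),
        303)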
def _provider_logout_url(id_token_jwt):
    """Build the provider end-session URL for the given ID token.

    Args:
        id_token_jwt: value sent to the provider as ``id_token_hint``.

    Returns:
        The URL produced by ``EndSessionRequest.request`` for the provider's
        ``end_session_endpoint``, or ``None`` when the provider info has no
        such endpoint.
    """
    oidc = current_app.extensions['oidc_client']
    end_session_endpoint = oidc.client.provider_info.get('end_session_endpoint')
    # Looked up before the endpoint check, so a missing
    # 'post_logout_redirect_uris' entry raises KeyError in either case.
    post_logout_uris = oidc.client_registration_info['post_logout_redirect_uris']

    if end_session_endpoint:
        # Presumably compared with the `state` the provider echoes back --
        # verify against the caller.
        session['end_session_state'] = rndstr()
        request_params = EndSessionRequest(
            id_token_hint=id_token_jwt,
            post_logout_redirect_uri=post_logout_uris[0],
            state=session['end_session_state'],
        )
        return request_params.request(end_session_endpoint)

    return None
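def _logout(self):
    """Clear the Flask session and, if possible, start logout at the provider.

    Returns:
        A 303 redirect to the provider's ``end_session_endpoint`` when the
        provider info contains one and the session held an ID token,
        otherwise ``None``.
    """
    logger.debug('user logout')
    # .get() instead of indexing: a logout request arriving without an
    # authenticated session must not fail with KeyError.
    id_token_jwt = flask.session.get('id_token_jwt')
    flask.session.clear()
    if id_token_jwt is None:
        logger.debug('no ID token in session, skipping provider logout')
        return None

    if 'end_session_endpoint' not in self.client.provider_info:
        return None

    # Stored after clear() so it survives the wipe; presumably compared with
    # the `state` the provider echoes back -- verify against the caller.
    flask.session['end_session_state'] = rndstr()
    end_session_request = EndSessionRequest(
        id_token_hint=id_token_jwt,
        post_logout_redirect_uri=self.client_registration_info['post_logout_redirect_uris'][0],
        state=flask.session['end_session_state'])
    endpoint = self.client.provider_info['end_session_endpoint']
    # The serialised request contains the ID token (id_token_hint) and the
    # state value, so only the destination is written to the log.
    logger.debug('send endsession request to %s', endpoint)
    return redirect(end_session_request.request(endpoint), 303)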
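def _logout(self):
    """Clear the local user session and, if possible, start logout at the provider.

    Returns:
        A 303 redirect to the provider's end-session endpoint when the client
        for the session's current provider has one configured, otherwise
        ``None``.
    """
    logger.debug('user logout')
    # NOTE(review): UserSession(...) may raise when no session was
    # initialised -- confirm how callers handle a logout without a login.
    session = UserSession(flask.session)

    # Read what the end-session request needs before the session is wiped.
    id_token_jwt = session.id_token_jwt
    client = self.clients[session.current_provider]
    session.clear()

    if not client.provider_end_session_endpoint:
        return None

    # Stored after clear() so it survives the wipe; presumably compared with
    # the `state` the provider echoes back -- verify against the caller.
    flask.session['end_session_state'] = rndstr()
    end_session_request = EndSessionRequest(
        id_token_hint=id_token_jwt,
        post_logout_redirect_uri=self._get_post_logout_redirect_uri(),
        state=flask.session['end_session_state'])
    # The serialised request contains the ID token (id_token_hint) and the
    # state value, so only the destination is written to the log.
    logger.debug('send endsession request to %s',
                 client.provider_end_session_endpoint)
    return redirect(
        end_session_request.request(client.provider_end_session_endpoint),
        303)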