Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement OIDC back-channel-logout #509

Closed
guimard opened this issue Apr 29, 2024 · 6 comments · Fixed by #521
Closed

Implement OIDC back-channel-logout #509

guimard opened this issue Apr 29, 2024 · 6 comments · Fixed by #521
Assignees
@MontaGhanmy
Labels
feature tech
Milestone
v1.0.3

Comments

@guimard
Copy link
Member

guimard commented Apr 29, 2024
edited

As describe in TWP #132, we want to have logout. The only unbuggy way to do it is to use OIDC Back Channel Logout like Twake-Mail and Twake-Chat.

Please implement it (with backchannel_logout_session_required, to avoid deleting all sessions).
@guimard guimard mentioned this issue Apr 29, 2024
Open
@shepilov
Copy link
Member

image
  • Implements session storage with sub/sid
  • Add sid to the Twake Drive access token
  • Validate sid on every Twake Drive request
  • Implement backchannel logout URI with logout token validation

@shepilov
Copy link
Member

@guimard logout URL should be with POST like this?

/backchannel_logout HTTP/1.1
Host: rp.example.org
Content-Type: application/x-www-form-urlencoded
logout_token=eyJhbGci...

@guimard
Copy link
Member Author

guimard commented Apr 30, 2024

@guimard logout URL should be with POST like this?

/backchannel_logout HTTP/1.1 Host: rp.example.org Content-Type: application/x-www-form-urlencoded logout_token=eyJhbGci...

Yes this is exactly what OP does

@shepilov shepilov added this to the v1.0.3 milestone May 7, 2024
@MontaGhanmy MontaGhanmy self-assigned this May 13, 2024
@MontaGhanmy MontaGhanmy linked a pull request May 13, 2024 that will close this issue
🔐 OIDC back-channel logout #521
Merged
@guimard
Copy link
Member Author

guimard commented May 24, 2024

Hi @shepilov, could you give me the URL to set in LLNG conf ?

@shepilov
Copy link
Member

@guimard https://drive.stg.lin-saas.com/internal/services/console/v1/backchannel_logout
I've just deployed it on the staging

@guimard
Copy link
Member Author

guimard commented May 24, 2024
edited

Configuration updated, let's test. Note that it may fail until @rezk2ll study the new flow

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@MontaGhanmy MontaGhanmy

Labels
feature tech
Projects
None yet
Milestone
v1.0.3
Development

Successfully merging a pull request may close this issue.

🔐 OIDC back-channel logout linagora/twake-drive
3 participants
@guimard @MontaGhanmy @shepilov