✨(backend) support Agent Connect Logout flow
The default Logout view provided by Mozilla Django OIDC is not suitable for the Agent Connect Logout flow.

Previously, when a user was logging out, only their Django session was ended. However, their session in the OIDC provider was still active. Agent Connect implements a 'session/end' endpoint that allows services to end the user session when they log out.

Agent Connect logout triggers cannot work with the default views implemented by the dependency Mozilla Django OIDC. In their implementation, they decided to end the Django session before redirecting to the OIDC provider. The Django session needs to be retained during the logout process.

An OIDC state is saved to the request session, passed to the Agent Connect Logout endpoint, and verified when the backend receives the Logout callback from Agent Connect. It seems to follow OIDC specifications.

If, for any reason, the Logout flow cannot be initiated with Agent Connect (missing ID token in cache, unauthenticated user, etc.), the user is redirected to the final URL, without interacting with Agent Connect.
This commit is contained in:
committed by
aleb_the_flash
parent
05d9a09d63
commit
7a26f377e3
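The state round trip the commit message describes, as an added sketch that is not code from this commit. The endpoint and callback URLs, the session key and the function names are assumptions, the session is modelled as a plain dict, and the query parameter names are those of OIDC RP-Initiated Logout.

```python
import hmac
import secrets
from urllib.parse import urlencode

# Assumed placeholder values, not taken from the commit.
END_SESSION_ENDPOINT = "https://idp.example.test/session/end"
LOGOUT_CALLBACK_URL = "https://app.example.test/logout-callback/"
FINAL_URL = "/"
STATE_KEY = "oidc_logout_state"  # hypothetical session key


def begin_logout(session, id_token):
    """Return the URL the user is redirected to when they ask to log out."""
    if not id_token:
        # The flow cannot be initiated with the provider. Assumption: the
        # local session is ended here before going to the final URL.
        session.clear()
        return FINAL_URL
    state = secrets.token_urlsafe(32)
    session[STATE_KEY] = state  # the session is retained until the callback
    query = urlencode({
        "id_token_hint": id_token,
        "post_logout_redirect_uri": LOGOUT_CALLBACK_URL,
        "state": state,
    })
    return f"{END_SESSION_ENDPOINT}?{query}"


def finish_logout(session, returned_state):
    """Handle the provider's callback; True means the state matched."""
    expected = session.pop(STATE_KEY, None)  # single use: consumed either way
    ok = (
        expected is not None
        and returned_state is not None
        and hmac.compare_digest(expected.encode(), returned_state.encode())
    )
    if ok:
        session.clear()  # only now is the local session ended
    # On a mismatch the session is kept, so an unsolicited or forged
    # callback cannot log the user out.
    return ok
```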
18
src/backend/core/authentication/urls.py
Normal file
@@ -0,0 +1,18 @@
|
||||
"""Authentication URLs for the People core app."""
|
||||
|
||||
from django.urls import path
|
||||
|
||||
from mozilla_django_oidc.urls import urlpatterns as mozzila_oidc_urls
|
||||
|
||||
from .views import OIDCLogoutCallbackView, OIDCLogoutView
|
||||
|
||||
urlpatterns = [
|
||||
# Override the default 'logout/' path from Mozilla Django OIDC with our custom view.
|
||||
path("logout/", OIDCLogoutView.as_view(), name="oidc_logout_custom"),
|
||||
path(
|
||||
"logout-callback/",
|
||||
OIDCLogoutCallbackView.as_view(),
|
||||
name="oidc_logout_callback",
|
||||
),
|
||||
*mozzila_oidc_urls,
|
||||
]
|
||||
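Review bot: The override at `path("logout/", OIDCLogoutView.as_view(), name="oidc_logout_custom")` only takes effect because it is listed before `*mozzila_oidc_urls`; Django resolves the first matching pattern, so moving the spread above the custom paths would silently restore the library's logout view. The comment above that path should say that the order matters, for example "must stay before the Mozilla Django OIDC patterns". The import alias `mozzila_oidc_urls` is also misspelled and should read `mozilla_oidc_urls` in both the import and the spread.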