client: add logout blueprint

* closes CERNDocumentServer/cds-rdm#16
jrcastro2 · Jun 19, 2023 · d159d6e · d159d6e
1 parent 45d4720
commit d159d6e
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 2 deletions.
diff --git a/invenio_oauthclient/contrib/settings.py b/invenio_oauthclient/contrib/settings.py
@@ -30,6 +30,7 @@ def __init__(
         request_token_url=None,
         precedence_mask=None,
         signup_options=None,
+        logout_url=None,
         **kwargs,
     ):
         """The constructor."""
@@ -57,6 +58,7 @@ def __init__(
             icon=icon,
             precedence_mask=precedence_mask,
             signup_options=signup_options,
+            logout_url=logout_url,
             params=dict(
                 base_url=self.base_url,
                 request_token_params=request_token_params,

diff --git a/invenio_oauthclient/handlers/base.py b/invenio_oauthclient/handlers/base.py
@@ -109,7 +109,9 @@ def base_authorized_signup_handler(resp, remote, *args, **kwargs):
     """
     # Remove any previously stored auto register session key
     session.pop(token_session_key(remote.name) + "_autoregister", None)
-
+    # We set the remote in the session to be aware of which one is being used and, on log out redirect to
+    # the correct URL set in the OAUTHCLIENT_REMOTE_APPS for each remote
+    session["OAUTHCLIENT_SESSION_REMOTE_NAME"] = remote.name
     # Store token in session
     # ----------------------
     # Set token in session - token object only returned if

diff --git a/invenio_oauthclient/views/client.py b/invenio_oauthclient/views/client.py
@@ -8,7 +8,7 @@
 
 """Client blueprint used to handle OAuth callbacks."""
 
-from flask import Blueprint, abort, current_app, redirect, request, url_for
+from flask import Blueprint, abort, current_app, redirect, request, session, url_for
 from flask_oauthlib.client import OAuthException
 from invenio_accounts.views import login as base_login
 from invenio_db import db
@@ -271,3 +271,20 @@ def rest_disconnect(remote_app):
         return _disconnect(remote_app)
     except OAuthRemoteNotFound:
         abort(404)
+
+
+@blueprint.route("/logout")
+def post_logout():
+    """Client logout view.
+
+    This URL should be called by setting `SECURITY_POST_LOGOUT_VIEW = /oauth/logout`
+    """
+    remote_name = session.pop("OAUTHCLIENT_SESSION_REMOTE_NAME", None)
+    if remote_name:
+        logout_url = current_app.config["OAUTHCLIENT_REMOTE_APPS"][remote_name].get(
+            "logout_url"
+        )
+        if logout_url:
+            return redirect(logout_url, code=302)
+
+    return redirect("/")