Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[full-ci] Implement backchannel logout #6007

Merged
merged 18 commits into from
Apr 20, 2023
Merged

[full-ci] Implement backchannel logout #6007

merged 18 commits into from
Apr 20, 2023

Conversation

dragonchaser
Copy link
Contributor

@dragonchaser dragonchaser commented Apr 4, 2023
edited
Loading

This PR adds an endpoint for the backchannel logout /backchannel_logout.
It can be triggered via a POST request with a special crafted logout token see: https://openid.net/specs/openid-connect-backchannel-1_0.html section 2.4 for the structure.

NOTE: we have added a special http-handler wrapper to the proxy to intercept predefined routes in the proxy before they are passed on to the services! https://github.com/dragonchaser/ocis/blob/backchannellogout/services/proxy/pkg/command/server.go#L200. In future this should be used for terminating stuff like oidc-well-knowns to avoid implementation as middlewares.

refs #3521

@update-docs
Copy link

update-docs bot commented Apr 4, 2023

Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes.

@ownclouders
Copy link
Contributor

ownclouders commented Apr 4, 2023
edited
Loading

E2E tests failed: https://drone.owncloud.com/owncloud/ocis/21457/88/1

💥 To see the trace, please open the link in the console ...

npx playwright show-trace https://cache.owncloud.com/public/owncloud/ocis/21457/tracing/folder-alice-2023-4-18-10-34-41.zip

npx playwright show-trace https://cache.owncloud.com/public/owncloud/ocis/21457/tracing/folder-brian-2023-4-18-10-34-55.zip

@dragonchaser dragonchaser force-pushed the backchannellogout branch 2 times, most recently from 2ad9053 to f4e8353 Compare April 11, 2023 13:49
@butonic butonic requested a review from kulmann as a code owner April 12, 2023 15:04
@dragonchaser dragonchaser force-pushed the backchannellogout branch 7 times, most recently from ab95306 to 052e836 Compare April 18, 2023 07:17
@dragonchaser dragonchaser changed the title [WIP] -- DO NOT MERGE -- refactor proxy for backchannel logout [full-ci] Implement backchannel logout Apr 18, 2023
kobergj
kobergj requested changes Apr 19, 2023
View reviewed changes
Copy link
Collaborator

@kobergj kobergj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Found some smaller ones 😉

ocis-pkg/oidc/client.go Outdated Show resolved Hide resolved
ocis-pkg/oidc/client.go Outdated Show resolved Hide resolved
ocis-pkg/oidc/client.go Outdated Show resolved Hide resolved
ocis-pkg/oidc/client.go Show resolved Hide resolved
ocis-pkg/oidc/client.go Show resolved Hide resolved
ocis-pkg/oidc/options.go Outdated Show resolved Hide resolved
services/proxy/pkg/command/server.go Outdated Show resolved Hide resolved
services/proxy/pkg/command/server.go Show resolved Hide resolved
services/proxy/pkg/config/config.go Outdated Show resolved Hide resolved
services/proxy/pkg/middleware/oidc_auth.go Outdated Show resolved Hide resolved
rhafer
rhafer suggested changes Apr 19, 2023
View reviewed changes
services/proxy/pkg/command/server.go Outdated Show resolved Hide resolved
dragonchaser and others added 10 commits April 19, 2023 17:32
@dragonchaser
extract full claims from jwt token to get session id
a3640b0 
Signed-off-by: Christian Richter <[email protected]>
@butonic @dragonchaser
add missing error check, redirect stub
97894ac 
Signed-off-by: Jörn Friedrich Dreyer <[email protected]>
@butonic @dragonchaser
introduce oidc client, based on coreos go-oidc
014308d 
Signed-off-by: Jörn Friedrich Dreyer <[email protected]>
@butonic @dragonchaser
use our oidc client
58dce9b 
Signed-off-by: Jörn Friedrich Dreyer <[email protected]>
@butonic @dragonchaser
small cleanup
469534b 
Signed-off-by: Jörn Friedrich Dreyer <[email protected]>
@butonic @dragonchaser
move verify access token code to oidc client
b608d0b 
Signed-off-by: Jörn Friedrich Dreyer <[email protected]>
@butonic @dragonchaser
work on logout
bc15b8a 
Signed-off-by: Jörn Friedrich Dreyer <[email protected]>
@dragonchaser
Refactor caches
a900d0e 
Signed-off-by: Christian Richter <[email protected]>
@butonic @dragonchaser
implement backchannel logout, reuse useringo cache
dc399a6 
Signed-off-by: Jörn Friedrich Dreyer <[email protected]>
@butonic @dragonchaser
move code, delete duplicate lines
a98a880 
Signed-off-by: Jörn Friedrich Dreyer <[email protected]>
butonic and others added 4 commits April 19, 2023 17:32
@butonic @dragonchaser
properly parse logout request
d2d7c49 
Signed-off-by: Jörn Friedrich Dreyer <[email protected]>
@dragonchaser
fix contexts, render result
15691ae 
Signed-off-by: Christian Richter <[email protected]>
@dragonchaser
add tests for oidc backchannel logout
e88a0d7 
Signed-off-by: Christian Richter <[email protected]>
@dragonchaser
add missing http method
3d6d4c7 
Signed-off-by: Christian Richter <[email protected]>
@dragonchaser
incorporate requested changes
30bcf32 
Signed-off-by: Christian Richter <[email protected]>
dragonchaser and others added 2 commits April 20, 2023 10:19
@dragonchaser @kobergj
Simplifiy Unmarshall function for stringAsBool struct
a6ced1f 
Co-authored-by: Julian Koberg <[email protected]>
Signed-off-by: Christian Richter <[email protected]>
@dragonchaser dragonchaser mentioned this pull request Apr 20, 2023
Closed
@sonarqubecloud
Copy link

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 8 Code Smells

27.4% 27.4% Coverage
0.0% 0.0% Duplication

@dragonchaser dragonchaser merged commit ed59d25 into owncloud:master Apr 20, 2023
ownclouders pushed a commit that referenced this pull request Apr 20, 2023
@dragonchaser
Merge pull request #6007 from dragonchaser/backchannellogout
86fc6d6 
[full-ci] Implement backchannel logout
@micbar micbar mentioned this pull request Apr 25, 2023
Closed
@dragonchaser dragonchaser deleted the backchannellogout branch February 6, 2024 14:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mmattel mmattel mmattel left review comments

@kobergj kobergj kobergj approved these changes

@rhafer rhafer rhafer approved these changes

@kulmann kulmann Awaiting requested review from kulmann

@micbar micbar Awaiting requested review from micbar

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@dragonchaser @ownclouders @rhafer @mmattel @kobergj @butonic