feat(auth): enhance logout process to support RP-Initiated Logout for OIDC users
@@ -21,6 +21,7 @@ import { v4 as uuidv4 } from 'uuid';
|
||||
import { getDb } from '../config/database.js';
|
||||
import { generateToken, getBaseUrl } from '../middleware/auth.js';
|
||||
import { log } from '../config/logger.js';
|
||||
import redis from '../config/redis.js';
|
||||
import {
|
||||
getOAuthConfig,
|
||||
discoverOIDC,
|
||||
@@ -248,6 +249,15 @@ router.get('/callback', callbackLimiter, async (req, res) => {
|
||||
// Generate JWT
|
||||
const token = generateToken(user.id);
|
||||
|
||||
// Store id_token in Redis for RP-Initiated Logout (Keycloak SLO)
|
||||
if (tokenResponse.id_token) {
|
||||
try {
|
||||
await redis.setex(`oidc:id_token:${user.id}`, 7 * 24 * 3600, tokenResponse.id_token);
|
||||
} catch (redisErr) {
|
||||
log.auth.warn(`Failed to cache OIDC id_token: ${redisErr.message}`);
|
||||
}
|
||||
}
|
||||
|
||||
// Redirect to frontend callback page with token.
|
||||
// Use a hash fragment so the token is never sent to the server (not logged, not in Referer headers).
|
||||
const returnTo = stateData.return_to || '/dashboard';
|
||||
|
||||
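Review bot: The cached id_token at `await redis.setex(\`oidc:id_token:${user.id}\`, 7 * 24 * 3600, tokenResponse.id_token);` is kept for a fixed seven days, which is unrelated to the lifetime of the JWT issued by `generateToken(user.id)` two lines above, so the token (and the identity claims it carries) either outlives the session it belongs to or is gone before the logout that needs it. Consider hoisting the TTL into a named constant derived from the same expiry the JWT uses, e.g. `const OIDC_ID_TOKEN_TTL_SECONDS = 7 * 24 * 3600; // keep aligned with the JWT lifetime used by generateToken`, and deleting the key once the logout handler has consumed it as id_token_hint; the logout side is not in this hunk, so I cannot tell whether it already does. The warn in the catch branch should also state the operational consequence, since a failed cache silently degrades logout to local session clearing while the IdP session stays alive: something like `Failed to cache OIDC id_token for user ${user.id}; RP-Initiated Logout will fall back to local logout: ${redisErr.message}` inside the existing template literal. The `/callback` handler begins and ends outside this hunk.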