package oidc
import (
"context"
"github.com/xslasd/x-oidc/ecode"
"github.com/xslasd/x-oidc/model"
)
// EndSessionReq holds the parameters of an RP-Initiated Logout request according to:
// https://openid.net/specs/openid-connect-rpinitiated-1_0.html#RPLogout
//
// Every field is supplied by the requester. endSession copies
// PostLogoutRedirectURI, State and UILocales into model.EndSessionModel
// without inspecting them.
type EndSessionReq struct {
	// IdTokenHint is the id_token_hint parameter. When set, endSession verifies
	// it and takes the client ID and subject from its claims.
	IdTokenHint string `schema:"id_token_hint"`
	// ClientID is the client_id parameter. endSession uses it for the client
	// lookup only when IdTokenHint is empty; otherwise it is overwritten with
	// the client ID from the verified token.
	ClientID string `schema:"client_id"`
	// PostLogoutRedirectURI is the post_logout_redirect_uri parameter.
	// NOTE(review): endSession does not compare it with the client's registered
	// logout redirect URIs; presumably Client.EndSessionURL does. Confirm,
	// since an unchecked value here is an open redirect.
	PostLogoutRedirectURI string `schema:"post_logout_redirect_uri"`
	// State is the state parameter, passed through to the client implementation.
	State string `schema:"state"`
	// UILocales is the ui_locales parameter, a space-delimited list.
	// NOTE(review): this field carries json/form tags while the other fields
	// use schema tags. Confirm the request decoder in use maps ui_locales onto it.
	UILocales string `json:"ui_locales" form:"ui_locales"` // SpaceDelimitedArray
}
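// endSession processes an RP-Initiated Logout request and returns the URL
// produced by the client's EndSessionURL implementation.
//
// The request must carry an id_token_hint, a client_id, or both; otherwise
// ecode.EndSessionReqInvalid is returned. A nil req is rejected the same way.
// When an id_token_hint is present it is verified with o.VerifyIDToken, and the
// client ID and subject are taken from its claims. If a client_id is sent
// alongside the hint it must equal the client ID in the token, as the
// RP-Initiated Logout specification requires; a mismatch is rejected with
// ecode.EndSessionReqInvalid instead of being silently overridden.
//
// Errors from token verification, the client lookup and EndSessionURL are
// returned unchanged.
//
// Side effect: req.ClientID is set to the token's client ID when an
// id_token_hint is supplied.
//
// NOTE(review): post_logout_redirect_uri is forwarded as received. This
// function does not compare it with the client's registered URIs, so that
// check has to live in Client.EndSessionURL. Confirm it does.
// NOTE(review): with only client_id supplied the request is unauthenticated and
// m.UserID stays empty; the specification recommends asking the end user to
// confirm the logout in that case. Confirm downstream handling.
func (o *OpenIDProvider) endSession(ctx context.Context, req *EndSessionReq) (string, error) {
	// Guard against a nil request before dereferencing it.
	if req == nil || (req.IdTokenHint == "" && req.ClientID == "") {
		return "", ecode.EndSessionReqInvalid
	}
	m := model.EndSessionModel{
		PostLogoutRedirectURI: req.PostLogoutRedirectURI,
		State:                 req.State,
		UILocales:             req.UILocales,
	}
	if req.IdTokenHint != "" {
		// NOTE(review): logout hints are often expired ID tokens; whether
		// VerifyIDToken tolerates an elapsed exp is not visible here.
		idTokenClaims, err := o.VerifyIDToken(ctx, req.IdTokenHint)
		if err != nil {
			return "", err
		}
		// A client_id that disagrees with the verified token must not be
		// accepted: the two parameters have to identify the same client.
		if req.ClientID != "" && req.ClientID != idTokenClaims.ClientID {
			return "", ecode.EndSessionReqInvalid
		}
		// The verified token is the authoritative source for the client.
		req.ClientID = idTokenClaims.ClientID
		m.UserID = idTokenClaims.Subject
	}
	m.ClientID = req.ClientID
	client, err := o.cfg.Storage.GetClientByClientID(ctx, m.ClientID)
	if err != nil {
		return "", err
	}
	redirectURI, err := client.EndSessionURL(ctx, m)
	if err != nil {
		// Never hand back a partial URL together with an error.
		return "", err
	}
	return redirectURI, nil
}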