Clear site data on logout #232
* Since the Clear-Site-Data header is a server header, we must provide a server-based /logout page to redirect to. However, we want this page to then redirect automatically to the given login provider page
* webpack.config.js
  * Provides a server-side redirect in the oAuthApp devServer that implements a landing page for the logout, complete with the server header
* redirectlogin.html
  * Implementation of the /logout oAuthApp page, which provides a countdown to redirect to the search param provided 'redirect_uri' page
  * Also provides a direct immediately link
  * If there is no 'redirect_uri' parameter then an error is displayed. It is expected that servers will not allow this url to be displayed on its own.
* urls.ts
  * Provides common functions for testing for a /logout url if it exists and redirect()
* osoauth-service.ts
  * Differentiate between logout and login operations since the former needs to clear storage and redirect to /login endpoint
  * tryLogin function to try redirecting to /login page directly
* openshift/support.ts
* form-service.ts
  * When a logout occurs, the login url is built then passed to logoutRedirect. If the /logout endpoint is available then redirects to that; otherwise redirects directly to login url
f9f348f to 0851852
* form-auth-login-service.ts
  * Uses the common redirect function now provided by urls.ts
* ouath-service.ts
  * adds in missed-out necessary 'await'

* Dockerfile
  * Copies production version of redirectlogin.html to container image
* docker/*
  * Modifies nginx config to respond to /logout location with html page complete with the response headers
0851852 to 18a835a
A few comments we need to consider.
* Synchronous function should not require it and since createLogin uses tryLogin rather than doLogout, the async redirection is not executed by it anymore
* oauth
  * Adds global var for centralising endpoint value
  * Updates the endpoint target to be /auth/logout rather than /logout
* oauth-app / online-shell
  * Updates webpack config of dev server to handle /auth/logout and to redirect directly rather than going to a landing page
  * Landing page removed
* docker
  * Removes landing page from Dockerfile
  * Adds JS function for decoding URIs to njinx.js. Since pure nginx lacks ability to decode a URI this is essential to ensure that the encoded url encapsulated in the redirect_uri parameter is properly processed
  * Updates nginx config to provide 'decodeRedirectURI' function and uses in /auth/logout location.
So one thing to note ... In order for nginx to be able to successfully redirect to the login provider page, a conversion has to be performed to decode the URI encapsulated in the |
One comment but otherwise it looks good to me.
* Remove async but need to conform with interface
Since the header "Clear-Site-Data" is a server response header, the app must be directed to a landing page on logout that will allow this header to be communicated.
Provides a redirect page so that when the user does a logout they are redirected first to the /logout url. This displays a "Going to provider login" page that counts down then redirects after 5 seconds (or if the user clicks the link directly). This page provides the "Clear-Site-Data" header when called and clears the user's storage for the domain.
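
Added example, not code from this pull request: a minimal sketch of the /auth/logout behaviour described in the commits above, which decodes the `redirect_uri` parameter, sends `Clear-Site-Data`, and redirects to the login provider. The names `buildLogoutResponse`, `handleLogout` and `ALLOWED_ORIGINS`, the host `oauth.example.test`, and the origin allow-list check are assumptions introduced here.

```javascript
const LOGOUT_PATH = '/auth/logout'; // endpoint named in the PR
const CLEAR_SITE_DATA = '"cache", "cookies", "storage"';
// Assumption: login provider origins this deployment trusts (constructed value).
const ALLOWED_ORIGINS = new Set(['https://oauth.example.test']);

// Maps a request URL (path + query) to { status, headers }.
function buildLogoutResponse(requestUrl, allowedOrigins = ALLOWED_ORIGINS) {
  const url = new URL(requestUrl, 'http://localhost'); // base is only for parsing
  if (url.pathname !== LOGOUT_PATH) return { status: 404, headers: {} };

  // Clear browser state on every logout hit, even if the redirect is refused.
  const headers = { 'Clear-Site-Data': CLEAR_SITE_DATA, 'Cache-Control': 'no-store' };

  // searchParams.get() percent-decodes the value exactly once: the decoding
  // step that plain nginx config lacks and the PR moves into a JS function.
  const target = url.searchParams.get('redirect_uri');
  if (!target) return { status: 400, headers };

  let parsed;
  try {
    parsed = new URL(target); // throws on relative or malformed values
  } catch {
    return { status: 400, headers };
  }
  // Only redirect to a known login provider, never to an arbitrary URL.
  if (!allowedOrigins.has(parsed.origin)) return { status: 400, headers };

  return { status: 302, headers: { ...headers, Location: parsed.href } };
}

// Handler usable with Node's http.createServer or as dev-server middleware.
function handleLogout(req, res) {
  const { status, headers } = buildLogoutResponse(req.url);
  res.writeHead(status, headers);
  res.end();
}
```

Browsers honour `Clear-Site-Data` only on responses delivered over a secure context, so the endpoint has to be served over HTTPS outside local development.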