Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OIDC logout #3456

Merged
merged 10 commits into from
Oct 14, 2021
Merged

OIDC logout #3456

merged 10 commits into from
Oct 14, 2021

Conversation

tomas-langer
Copy link
Member

Resolves #3306

I had to refactor OidcConfig, as the build method was too long, and the class had too many lines (reported by checkstyle).

New features:

  • customizable name of cookie for token and for id token
  • customizable encryption of token in cookie (disabled by default) and id token in cookie (enabled by default)
  • support for logout (default endpoint is /oidc/logout - removes Helidon cookies, redirects to OIDC server to log out)

Logout is disabled by default, as it requires an unsecured "post-logout-uri" to work correctly. Also as encryption is required, users should provide either a master password or a encryption configuration name.

@tomas-langer
squashable
c9e13ba 
Signed-off-by: Tomas Langer <tomas.langer@oracle.com>
@tomas-langer
Squashable
0813fc9 
Signed-off-by: Tomas Langer <tomas.langer@oracle.com>
@tomas-langer
Squashable
b22cfb4 
Signed-off-by: Tomas Langer <tomas.langer@oracle.com>
@tomas-langer
Squashable
640c9cb 
Signed-off-by: Tomas Langer <tomas.langer@oracle.com>
@tomas-langer
Squashable
1dc494d 
Signed-off-by: Tomas Langer <tomas.langer@oracle.com>
@tomas-langer
Refactored OidcConfig as it was too big.
7ff9091 
Signed-off-by: Tomas Langer <tomas.langer@oracle.com>
@tomas-langer
Only require encryption for the id token when it is expected to be used
f1aeea7 
Signed-off-by: Tomas Langer <tomas.langer@oracle.com>
@tomas-langer tomas-langer self-assigned this Sep 30, 2021
@tomas-langer tomas-langer added this to the 2.4.0 milestone Sep 30, 2021
@tomas-langer
Shortened class
9d425b4 
Signed-off-by: Tomas Langer <tomas.langer@oracle.com>
@tomas-langer tomas-langer mentioned this pull request Oct 5, 2021
Closed
danielkec
danielkec reviewed Oct 7, 2021
View reviewed changes
...viders/oidc-common/src/main/java/io/helidon/security/providers/oidc/common/OidcMetadata.java Outdated Show resolved Hide resolved
...s/oidc-common/src/main/java/io/helidon/security/providers/oidc/common/OidcCookieHandler.java Outdated Show resolved Hide resolved
...roviders/oidc-common/src/main/java/io/helidon/security/providers/oidc/common/OidcConfig.java Outdated Show resolved Hide resolved
...roviders/oidc-common/src/main/java/io/helidon/security/providers/oidc/common/OidcConfig.java Outdated Show resolved Hide resolved
...roviders/oidc-common/src/main/java/io/helidon/security/providers/oidc/common/OidcConfig.java Outdated Show resolved Hide resolved
security/jwt/src/main/java/io/helidon/security/jwt/JwtHeaders.java Outdated Show resolved Hide resolved
security/jwt/src/main/java/io/helidon/security/jwt/JwtHeaders.java Show resolved Hide resolved
security/jwt/src/main/java/io/helidon/security/jwt/JwtHeaders.java Show resolved Hide resolved
security/jwt/src/main/java/io/helidon/security/jwt/EncryptedJwt.java Show resolved Hide resolved
microprofile/jwt-auth/src/main/java/io/helidon/microprofile/jwt/auth/JwtAuthProvider.java Outdated Show resolved Hide resolved
@tomas-langer
Merge remote-tracking branch 'origin/master' into 3306-oidc-logout
d55261a 
# Conflicts:
#	security/providers/oidc-common/pom.xml
#	security/providers/oidc-common/src/main/java/module-info.java
@tomas-langer
Merged with master and review fixes.
dc9c3da 
Signed-off-by: Tomas Langer <tomas.langer@oracle.com>
@tomas-langer tomas-langer mentioned this pull request Oct 13, 2021
Closed
@tomas-langer tomas-langer merged commit 40934aa into helidon-io:master Oct 14, 2021
@tomas-langer tomas-langer deleted the 3306-oidc-logout branch October 14, 2021 13:46
dalexandrov pushed a commit to dalexandrov/helidon that referenced this pull request Oct 21, 2021
@tomas-langer @dalexandrov
OIDC logout (helidon-io#3456)
5c8d1a0 
* Support for OIDC logout when using cookies.
* Refactored OidcConfig as it was too big.
* Only require encryption for the id token when it is expected to be used.

Signed-off-by: Tomas Langer <tomas.langer@oracle.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@danielkec danielkec danielkec approved these changes

@Verdent Verdent Awaiting requested review from Verdent

Assignees

@tomas-langer tomas-langer

Labels
None yet
Projects
None yet
Milestone
2.4.0
Development

Successfully merging this pull request may close these issues.

OIDC logout support
2 participants
@tomas-langer @danielkec