From 671e47f53ce0de9a8a2bb44cd96e37417360efe6 Mon Sep 17 00:00:00 2001
From: Mart Aarma
Date: Wed, 10 Nov 2021 12:01:40 +0200
Subject: [PATCH 1/2] feat: switch to async backchannel logout
---
 consent/strategy_default.go | 7 -------
 1 file changed, 7 deletions(-)
diff --git a/consent/strategy_default.go b/consent/strategy_default.go
index 6f67951fc05..fc967ae0bd3 100644
--- a/consent/strategy_default.go
+++ b/consent/strategy_default.go
@@ -26,7 +26,6 @@ import (
 "net/url"
 "strconv"
 "strings"
- "sync"
 "time"
 "github.com/ory/hydra/driver/config"
@@ -696,13 +695,9 @@ func (s *DefaultStrategy) executeBackChannelLogout(ctx context.Context, r *http.
 tasks = append(tasks, task{url: c.BackChannelLogoutURI, clientID: c.OutfacingID, token: t})
 }
- var wg sync.WaitGroup
 hc := httpx.NewResilientClient()
- wg.Add(len(tasks))
 var execute = func(t task) {
- defer wg.Done()
-
 res, err := hc.PostForm(t.url, url.Values{"logout_token": {t.token}})
 if err != nil {
 s.r.Logger().WithRequest(r).WithError(err).
@@ -727,8 +722,6 @@ func (s *DefaultStrategy) executeBackChannelLogout(ctx context.Context, r *http.
 go execute(t)
 }
- wg.Wait()
-
 return nil
 }
From 53a5a056393297c689fe0b25ded21fc921de6eef Mon Sep 17 00:00:00 2001
From: Mart Aarma
Date: Tue, 12 Apr 2022 20:47:50 +0300
Subject: [PATCH 2/2] fix: documentation
---
 internal/httpclient-next/api/openapi.yaml | 2 ++
 internal/httpclient-next/api_public.go | 4 ++++
 internal/httpclient/client/public/public_client.go | 2 ++
 oauth2/handler.go | 2 ++
 spec/api.json | 2 +-
 spec/swagger.json | 2 +-
 6 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/internal/httpclient-next/api/openapi.yaml b/internal/httpclient-next/api/openapi.yaml
index 241aed290cd..17c7818e0ab 100644
--- a/internal/httpclient-next/api/openapi.yaml
+++ b/internal/httpclient-next/api/openapi.yaml
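Review bot: With `wg.Wait()` removed in the last hunk of consent/strategy_default.go, `executeBackChannelLogout` returns nil before any logout token has been posted, and the `go execute(t)` goroutines are left without an owner: nothing waits for them on shutdown, and their lifetime depends on whatever defaults `httpx.NewResilientClient()` applies. A relying party that never receives its token keeps its session, and the only trace is the log entry written in the `err != nil` branch. The closure in the second hunk also still calls `s.r.Logger().WithRequest(r)` after the handler may have returned; building the log entry once before the loop and capturing that would avoid touching `r` from a detached goroutine. I would at least document the contract at the loop, for example `// Fire-and-forget: delivery errors are logged only and never reach the caller.`, and give each delivery an explicit deadline. The function starts above these hunks, so how `ctx` is used earlier is not visible here.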
@@ -1653,6 +1653,8 @@ paths: https://openid.net/specs/openid-connect-frontchannel-1_0.html https://openid.net/specs/openid-connect-backchannel-1_0.html + + Back-channel logout is performed asynchronously and does not affect logout flow. operationId: disconnectUser responses: "302":
diff --git a/internal/httpclient-next/api_public.go b/internal/httpclient-next/api_public.go
index d29f8363063..be78a4a6b22 100644
--- a/internal/httpclient-next/api_public.go
+++ b/internal/httpclient-next/api_public.go
@@ -33,6 +33,8 @@ type PublicApi interface { https://openid.net/specs/openid-connect-frontchannel-1_0.html https://openid.net/specs/openid-connect-backchannel-1_0.html + + Back-channel logout is performed asynchronously and does not affect logout flow. * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). * @return PublicApiApiDisconnectUserRequest */
@@ -272,6 +274,8 @@ func (r PublicApiApiDisconnectUserRequest) Execute() (*http.Response, error) { https://openid.net/specs/openid-connect-frontchannel-1_0.html https://openid.net/specs/openid-connect-backchannel-1_0.html + +Back-channel logout is performed asynchronously and does not affect logout flow. * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). * @return PublicApiApiDisconnectUserRequest */
diff --git a/internal/httpclient/client/public/public_client.go b/internal/httpclient/client/public/public_client.go
index 3b3961fea94..be170474c5a 100644
--- a/internal/httpclient/client/public/public_client.go
+++ b/internal/httpclient/client/public/public_client.go
@@ -64,6 +64,8 @@ type ClientService interface { https://openid.net/specs/openid-connect-frontchannel-1_0.html https://openid.net/specs/openid-connect-backchannel-1_0.html + +Back-channel logout is performed asynchronously and does not affect logout flow. */ func (a *Client) DisconnectUser(params *DisconnectUserParams, opts ...ClientOption) error { // TODO: Validate the params before sending
diff --git a/oauth2/handler.go b/oauth2/handler.go
index e6b68d5e8f6..0fa913e2061 100644
--- a/oauth2/handler.go
+++ b/oauth2/handler.go
@@ -121,6 +121,8 @@ func (h *Handler) SetRoutes(admin *x.RouterAdmin, public *x.RouterPublic, corsMi
 // - https://openid.net/specs/openid-connect-frontchannel-1_0.html
 // - https://openid.net/specs/openid-connect-backchannel-1_0.html
 //
+// Back-channel logout is performed asynchronously and does not affect logout flow.
+//
 // Schemes: http, https
 //
 // Responses:
diff --git a/spec/api.json b/spec/api.json
index b582a028000..be9614a9b00 100755
--- a/spec/api.json
+++ b/spec/api.json
@@ -3411,7 +3411,7 @@ }, "/oauth2/sessions/logout": { "get": { - "description": "This endpoint initiates and completes user logout at Ory Hydra and initiates OpenID Connect Front-/Back-channel logout:\n\nhttps://openid.net/specs/openid-connect-frontchannel-1_0.html\nhttps://openid.net/specs/openid-connect-backchannel-1_0.html", + "description": "This endpoint initiates and completes user logout at Ory Hydra and initiates OpenID Connect Front-/Back-channel logout:\n\nhttps://openid.net/specs/openid-connect-frontchannel-1_0.html\nhttps://openid.net/specs/openid-connect-backchannel-1_0.html\n\nBack-channel logout is performed asynchronously and does not affect logout flow.", "operationId": "disconnectUser", "responses": { "302": {
diff --git a/spec/swagger.json b/spec/swagger.json
index fe257398757..8fe22a4c644 100755
--- a/spec/swagger.json
+++ b/spec/swagger.json
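Review bot: The sentence added to the comment block in oauth2/handler.go, `Back-channel logout is performed asynchronously and does not affect logout flow.`, does not tell integrators the consequence that matters: a completed logout at this endpoint no longer implies that relying parties received their logout tokens. The spec and client hunks in this patch carry the same text, so I would sharpen it here, for example `// Back-channel logout requests are sent asynchronously; a failed delivery is only logged and does not change the response.`. The "only logged" part is inferred from the error branch in consent/strategy_default.go in the first patch and should be confirmed. The comment block starts and ends outside the hunk.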
@@ -1846,7 +1846,7 @@ }, "/oauth2/sessions/logout": { "get": { - "description": "This endpoint initiates and completes user logout at Ory Hydra and initiates OpenID Connect Front-/Back-channel logout:\n\nhttps://openid.net/specs/openid-connect-frontchannel-1_0.html\nhttps://openid.net/specs/openid-connect-backchannel-1_0.html", + "description": "This endpoint initiates and completes user logout at Ory Hydra and initiates OpenID Connect Front-/Back-channel logout:\n\nhttps://openid.net/specs/openid-connect-frontchannel-1_0.html\nhttps://openid.net/specs/openid-connect-backchannel-1_0.html\n\nBack-channel logout is performed asynchronously and does not affect logout flow.", "schemes": [ "http", "https"