Merge pull request #8512 from pedroigor/issue-4481
[fixes #4481] - RP-Initiated Logout and session verification
sberyozkin authored Apr 20, 2020
2 parents c2f1a8c + 78a539f commit 4b4723d
Showing 13 changed files with 471 additions and 87 deletions.
Expand Up @@ -60,6 +60,11 @@ public class OidcTenantConfig {
@ConfigItem
public Optional<String> jwksPath = Optional.empty();

/**
* Relative path of the OIDC end_session_endpoint.
*/
@ConfigItem
public Optional<String> endSessionPath = Optional.empty();
/**
* Public key for the local JWT token verification.
*/
Expand Down Expand Up @@ -107,6 +112,12 @@ public class OidcTenantConfig {
@ConfigItem
public Tls tls = new Tls();

/**
* Logout configuration
*/
@ConfigItem
public Logout logout = new Logout();

@ConfigGroup
public static class Tls {
public enum Verification {
Expand Down Expand Up @@ -137,6 +148,41 @@ public void setVerification(Verification verification) {

}

@ConfigGroup
public static class Logout {

/**
* The relative path of the logout endpoint at the application. If provided, the application is able to initiate the
* logout through this endpoint in conformance with the OpenID Connect RP-Initiated Logout specification.
*/
@ConfigItem
public Optional<String> path = Optional.empty();

/**
* Relative path of the application endpoint where the user should be redirected to after logging out from the OpenID
* Connect Provider.
* This endpoint URI must be properly registered at the OpenID Connect Provider as a valid redirect URI.
*/
@ConfigItem
public Optional<String> postLogoutPath = Optional.empty();

public void setPath(Optional<String> path) {
this.path = path;
}

public String getPath() {
return path.get();
}

public void setPostLogoutPath(Optional<String> postLogoutPath) {
this.postLogoutPath = postLogoutPath;
}

public Optional<String> getPostLogoutPath() {
return postLogoutPath;
}
}

public Optional<Duration> getConnectionDelay() {
return connectionDelay;
}
Expand Down Expand Up @@ -169,6 +215,14 @@ public void setJwksPath(String jwksPath) {
this.jwksPath = Optional.of(jwksPath);
}

public Optional<String> getEndSessionPath() {
return endSessionPath;
}

public void setEndSessionPath(String endSessionPath) {
this.endSessionPath = Optional.of(endSessionPath);
}

public Optional<String> getPublicKey() {
return publicKey;
}
Expand Down Expand Up @@ -233,6 +287,14 @@ public void setProxy(Proxy proxy) {
this.proxy = proxy;
}

public void setLogout(Logout logout) {
this.logout = logout;
}

public Logout getLogout() {
return logout;
}

@ConfigGroup
public static class Credentials {

Expand Down Expand Up @@ -540,6 +602,17 @@ public static Token fromAudience(String... audience) {
@ConfigItem
public Optional<String> principalClaim = Optional.empty();

/**
* Refresh expired ID tokens.
* If this property is enabled then a refresh token request is performed and, if successful, the local session is
* updated with the new set of tokens.
* Otherwise, the local session is invalidated as an indication that the session at the OpenID Provider no longer
* exists.
* This option is only valid when the application is of type {@link ApplicationType#WEB_APP}}.
*/
@ConfigItem
public boolean refreshExpired;

public Optional<String> getIssuer() {
return issuer;
}
Expand Down Expand Up @@ -571,6 +644,14 @@ public Optional<String> getPrincipalClaim() {
public void setPrincipalClaim(String principalClaim) {
this.principalClaim = Optional.of(principalClaim);
}

public boolean isRefreshExpired() {
return refreshExpired;
}

public void setRefreshExpired(boolean refreshExpired) {
this.refreshExpired = refreshExpired;
}
}

@ConfigGroup
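Review bot: `Logout.getPath()` in the `@@ -137,6 +148,41 @@` hunk returns `path.get()`, which throws `NoSuchElementException` whenever no logout path has been configured, since the field defaults to `Optional.empty()`; the sibling `getPostLogoutPath()` returns the Optional itself, so any caller that probes the logout path before checking `isPresent()` will fail at runtime rather than simply find the feature disabled. Returning the Optional, `public Optional<String> getPath() { return path; }`, keeps the two accessors consistent and lets callers decide whether an absent path is an error; if the unwrapping return type is relied on elsewhere, the precondition should at least be documented with `@throws NoSuchElementException if no logout path is configured`. The `setPath(Optional<String>)` / `setPostLogoutPath(Optional<String>)` setters also diverge from the outer class's `setEndSessionPath(String)` / `setJwksPath(String)` pattern, which wrap the argument in `Optional.of`, so callers must construct Optionals themselves for this group only. In the `@@ -540,6 +602,17 @@` hunk the Javadoc on `refreshExpired` carries a stray closing brace in `{@link ApplicationType#WEB_APP}}`, which renders as a literal `}` in generated docs.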
