Add support for getting end_session_endpoint from OIDC Configuration #5540

Closed
mraible opened this issue Jul 18, 2018 · 5 comments
Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement

@mraible
Contributor

mraible commented Jul 18, 2018

Summary

Okta has an end_session_endpoint property that can be used to construct a global logout that happens on the client. Example code here.

It would be nice if Spring Security's OIDC support provided a way to access this end_session_endpoint. This property is present in ./well-known/openid-configuration.

Version

5.1.0.BUILD-SNAPSHOT

Sample

https://github.com/oktadeveloper/okta-spring-boot-react-crud-example/compare/spring-security-5.1

@jgrandja
Contributor

Related #5350

@jgrandja jgrandja added New Feature in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) labels Jul 18, 2018
@jgrandja jgrandja added this to the 5.1.0.RC1 milestone Jul 18, 2018
@jgrandja
Contributor

@mraible Thanks for the report!

There currently is OpenID Connect Discovery code in OidcConfigurationProvider. One of our tasks is to extract that bit of code so it can be re-used in other places within Spring Security.

We'll get this in for 5.1

@jgrandja jgrandja added status: duplicate A duplicate of another issue and removed New Feature labels Jul 19, 2018
@jgrandja jgrandja self-assigned this Jul 25, 2018
@jgrandja jgrandja added type: enhancement A general enhancement and removed status: duplicate A duplicate of another issue labels Jul 26, 2018
@jgrandja jgrandja removed their assignment Jul 26, 2018
@jgrandja jgrandja modified the milestones: General Backlog, 5.1.0.RC2 Aug 21, 2018
@jgrandja jgrandja self-assigned this Aug 23, 2018
jgrandja added a commit to jgrandja/spring-security that referenced this issue Aug 23, 2018
@jgrandja
Contributor

jgrandja commented Sep 5, 2018

@mraible This is now available via 057587e.

To access end_session_endpoint do this:

ClientRegistration.getProviderDetails().getConfigurationMetadata().get("end_session_endpoint")

@mraible
Contributor Author

mraible commented Oct 23, 2018

@jgrandja Is it possible to inject the ClientRegistration into a RestController? It doesn't seem like it.

@rwinch
Member

rwinch commented Oct 24, 2018

@mraible You can pass in the ClientRegistrationRepository and look it up.

@Autowired
public void setClientRegistrationRepository(ClientRegistrationRepository registrations) {
    this.registration = registrations.findByRegistrationId("okta");
}

Alternatively you could use SpEL to get the ClientRegistration itself.

public void setClientRegistration(
    @Value("#{@clientRegistrationRepository.findByRegistrationId('okta')}") ClientRegistration clientRegistration) {
    this.registration = clientRegistration;
}

Of course you could take it a step further and just get the endpoint you want:

public void setEndpoint(
    @Value("#{@clientRegistrationRepository.findByRegistrationId('okta')?.providerDetails?.configurationMetadata['end_session_endpoint']}") String endpoint) {
    this.endpoint = endpoint;
}

If that is just too much SpEL you can place that into a Bean too:

@Component
class OktaMetadata {
    ClientRegistrationRepository r;
    OktaMetadata(ClientRegistrationRepository r) {
        this.r = r;
    }

    String getEndpoint() {
        return (String) this.r.findByRegistrationId("okta").getProviderDetails().getConfigurationMetadata().get("end_session_endpoint");
    }
}

public void setEndpoint(
    @Value("#{@oktaMetadata.endpoint}") String endpoint) {
    this.endpoint = endpoint;
}
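
Added example (not code from this thread or from Spring Security): a controller that reads end_session_endpoint through the lookup shown above, rejects a missing or non-HTTPS value, and builds the provider logout URL. The class name, the /api/logout path, the redirect URI and the javax.servlet import are assumptions; id_token_hint and post_logout_redirect_uri are the parameter names from the OpenID Connect logout specifications, not from this page.

```java
import java.net.URI;
import java.util.Collections;
import java.util.Objects;
import javax.servlet.http.HttpServletRequest; // assumption: javax.servlet, as used by the 5.1 line
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.util.UriComponentsBuilder;

@RestController
class LogoutUrlController { // hypothetical class name
    // Assumption: placeholder URI; use one registered with the provider for this client.
    private static final String POST_LOGOUT_REDIRECT_URI = "https://app.example.com/";
    private final ClientRegistration registration;

    LogoutUrlController(ClientRegistrationRepository registrations) {
        // findByRegistrationId returns null for an unknown id: fail at startup, not at logout.
        this.registration = Objects.requireNonNull(
                registrations.findByRegistrationId("okta"), "no 'okta' client registration");
    }

    @PostMapping("/api/logout") // hypothetical path
    ResponseEntity<?> logout(HttpServletRequest request, @AuthenticationPrincipal OidcUser user) {
        if (user == null) { // principal is not an OIDC user
            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
        }
        Object endpoint = this.registration.getProviderDetails()
                .getConfigurationMetadata().get("end_session_endpoint");
        // end_session_endpoint is optional provider metadata and may be absent:
        // reject a missing or non-HTTPS value instead of building a URL from it.
        if (!(endpoint instanceof String)
                || !"https".equalsIgnoreCase(URI.create((String) endpoint).getScheme())) {
            return ResponseEntity.status(HttpStatus.SERVICE_UNAVAILABLE).build();
        }
        String logoutUrl = UriComponentsBuilder.fromUriString((String) endpoint)
                .queryParam("id_token_hint", user.getIdToken().getTokenValue())
                .queryParam("post_logout_redirect_uri", POST_LOGOUT_REDIRECT_URI)
                .build().encode().toUriString();
        if (request.getSession(false) != null) {
            request.getSession(false).invalidate(); // end the local session as well
        }
        return ResponseEntity.ok(Collections.singletonMap("logoutUrl", logoutUrl));
    }
}
```

The redirect target is a server-side constant rather than a request parameter, so a caller cannot steer the post-logout redirect to an arbitrary site.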
