cim/zitadel-oidc
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: add configuration support for back channel logout

Browse source
This commit is contained in:
Livio Spring 2024-09-26 09:21:26 +02:00
parent 3b64e792ed
commit 1a0238155c
No known key found for this signature in database
GPG key ID: 26BB1C2FA5952CF0
5 changed files with 64 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

8
pkg/oidc/discovery.go
View file

@ -145,6 +145,14 @@ type DiscoveryConfiguration struct {
// OPTermsOfServiceURI is a URL the OpenID Provider provides to the person registering the Client to read about OpenID Provider's terms of service. // OPTermsOfServiceURI is a URL the OpenID Provider provides to the person registering the Client to read about OpenID Provider's terms of service.
OPTermsOfServiceURI string `json:"op_tos_uri,omitempty"` OPTermsOfServiceURI string `json:"op_tos_uri,omitempty"`
// BackChannelLogoutSupported specifies whether the OP supports back-channel logout (https://openid.net/specs/openid-connect-backchannel-1_0.html),
// with true indicating support. If omitted, the default value is false.
BackChannelLogoutSupported bool `json:"backchannel_logout_supported,omitempty"`
// BackChannelLogoutSessionSupported specifies whether the OP can pass a sid (session ID) Claim in the Logout Token to identify the RP session with the OP.
// If supported, the sid Claim is also included in ID Tokens issued by the OP. If omitted, the default value is false.
BackChannelLogoutSessionSupported bool `json:"backchannel_logout_session_supported,omitempty"`
} }
type AuthMethod string type AuthMethod string

5
pkg/op/client.go
View file

@ -51,6 +51,11 @@ type Client interface {
ClockSkew() time.Duration ClockSkew() time.Duration
} }
type ClientBackChannelLogout interface {
Client
BackChannelLogoutURI() string
}
// HasRedirectGlobs is an optional interface that can be implemented by implementors of // HasRedirectGlobs is an optional interface that can be implemented by implementors of
// Client. See https://pkg.go.dev/path#Match for glob // Client. See https://pkg.go.dev/path#Match for glob
// interpretation. Redirect URIs that match either the non-glob version or the // interpretation. Redirect URIs that match either the non-glob version or the

3
pkg/op/config.go
View file

@ -49,6 +49,9 @@ type Configuration interface {
SupportedUILocales() []language.Tag SupportedUILocales() []language.Tag
DeviceAuthorization() DeviceAuthorizationConfig DeviceAuthorization() DeviceAuthorizationConfig
BackChannelLogoutSupported() bool
BackChannelLogoutSessionSupported() bool
} }
type IssuerFromRequest func(r *http.Request) string type IssuerFromRequest func(r *http.Request) string

28
pkg/op/mock/configuration.mock.go
View file

@ -78,6 +78,34 @@ func (mr *MockConfigurationMockRecorder) AuthorizationEndpoint() *gomock.Call {
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AuthorizationEndpoint", reflect.TypeOf((*MockConfiguration)(nil).AuthorizationEndpoint)) return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AuthorizationEndpoint", reflect.TypeOf((*MockConfiguration)(nil).AuthorizationEndpoint))
} }
// BackChannelLogoutSessionSupported mocks base method.
func (m *MockConfiguration) BackChannelLogoutSessionSupported() bool {
m.ctrl.T.Helper()
ret := m.ctrl.Call(m, "BackChannelLogoutSessionSupported")
ret0, _ := ret[0].(bool)
return ret0
}
// BackChannelLogoutSessionSupported indicates an expected call of BackChannelLogoutSessionSupported.
func (mr *MockConfigurationMockRecorder) BackChannelLogoutSessionSupported() *gomock.Call {
mr.mock.ctrl.T.Helper()
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "BackChannelLogoutSessionSupported", reflect.TypeOf((*MockConfiguration)(nil).BackChannelLogoutSessionSupported))
}
// BackChannelLogoutSupported mocks base method.
func (m *MockConfiguration) BackChannelLogoutSupported() bool {
m.ctrl.T.Helper()
ret := m.ctrl.Call(m, "BackChannelLogoutSupported")
ret0, _ := ret[0].(bool)
return ret0
}
// BackChannelLogoutSupported indicates an expected call of BackChannelLogoutSupported.
func (mr *MockConfigurationMockRecorder) BackChannelLogoutSupported() *gomock.Call {
mr.mock.ctrl.T.Helper()
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "BackChannelLogoutSupported", reflect.TypeOf((*MockConfiguration)(nil).BackChannelLogoutSupported))
}
// CodeMethodS256Supported mocks base method. // CodeMethodS256Supported mocks base method.
func (m *MockConfiguration) CodeMethodS256Supported() bool { func (m *MockConfiguration) CodeMethodS256Supported() bool {
m.ctrl.T.Helper() m.ctrl.T.Helper()

10
pkg/op/op.go
View file

@ -168,6 +168,8 @@ type Config struct {
SupportedUILocales []language.Tag SupportedUILocales []language.Tag
SupportedClaims []string SupportedClaims []string
DeviceAuthorization DeviceAuthorizationConfig DeviceAuthorization DeviceAuthorizationConfig
BackChannelLogoutSupported bool
BackChannelLogoutSessionSupported bool
} }
// Endpoints defines endpoint routes. // Endpoints defines endpoint routes.
@ -411,6 +413,14 @@ func (o *Provider) DeviceAuthorization() DeviceAuthorizationConfig {
return o.config.DeviceAuthorization return o.config.DeviceAuthorization
} }
func (o *Provider) BackChannelLogoutSupported() bool {
return o.config.BackChannelLogoutSupported
}
func (o *Provider) BackChannelLogoutSessionSupported() bool {
return o.config.BackChannelLogoutSessionSupported
}
func (o *Provider) Storage() Storage { func (o *Provider) Storage() Storage {
return o.storage return o.storage
} }