diff --git a/pkg/client/client.go b/pkg/client/client.go index 1d56462..25fe5be 100644 --- a/pkg/client/client.go +++ b/pkg/client/client.go @@ -2,6 +2,8 @@ package client import ( "errors" + "fmt" + "io" "net/http" "net/url" "reflect" @@ -78,8 +80,6 @@ type EndSessionCaller interface { HttpClient() *http.Client } -// CallEndSessionEndpoint terminates a session. The server may respond with -// a redirect, or it may not. If not, the returned URL will be nil. func CallEndSessionEndpoint(request interface{}, authFn interface{}, caller EndSessionCaller) (*url.URL, error) { req, err := httphelper.FormRequest(caller.GetEndSessionEndpoint(), request, Encoder, authFn) if err != nil { @@ -90,17 +90,21 @@ func CallEndSessionEndpoint(request interface{}, authFn interface{}, caller EndS return http.ErrUseLastResponse } resp, err := client.Do(req) + defer resp.Body.Close() + if resp.StatusCode < 200 || resp.StatusCode >= 400 { + body, err := io.ReadAll(resp.Body) + if err != nil { + return nil, err + } + return nil, fmt.Errorf("EndSession failure, %d status code: %s", resp.StatusCode, string(body)) + } + location, err := resp.Location() if err != nil { if errors.Is(err, http.ErrNoLocation) { return nil, nil } return nil, err } - defer resp.Body.Close() - location, err := resp.Location() - if err != nil { - return nil, err - } return location, nil } diff --git a/pkg/client/rp/relying_party.go b/pkg/client/rp/relying_party.go index e9dfd78..39c2fe7 100644 --- a/pkg/client/rp/relying_party.go +++ b/pkg/client/rp/relying_party.go @@ -575,8 +575,6 @@ func RefreshAccessToken(rp RelyingParty, refreshToken, clientAssertion, clientAs return client.CallTokenEndpoint(request, tokenEndpointCaller{RelyingParty: rp}) } -// EndSession terminates a session. The server may respond with -// a redirect, or it may not. If not, the returned URL will be nil. func EndSession(rp RelyingParty, idToken, optionalRedirectURI, optionalState string) (*url.URL, error) { request := oidc.EndSessionRequest{ IdTokenHint: idToken,