Merge pull request #849 from vector-im/fix/oidc-logout

Fix OIDC logout
2025-01-11 04:27:40 +01:00 · 2022-08-22 16:14:58 +05:30 · 2022-08-22 16:14:58 +05:30 · b1737c5ad2
commit b1737c5ad2
parent 6814609603 b602c16eb7
2 changed files with 32 additions and 21 deletions
--- a/src/matrix/Client.js
+++ b/src/matrix/Client.js
@ -481,25 +481,37 @@ export class Client {
                throw new Error(`Could not find session for id ${this._sessionId}`);
            }
            try {
-                const hsApi = new HomeServerApi({
-                    homeserver: sessionInfo.homeServer,
-                    accessToken: sessionInfo.accessToken,
-                    request: this._platform.request
-                });
-                await hsApi.logout({log}).response();
-                const oidcApi = new OidcApi({
-                    issuer: sessionInfo.oidcIssuer,
-                    clientConfigs: this._platform.config.oidc.clientConfigs,
-                    clientId: sessionInfo.oidcClientId,
-                    request: this._platform.request,
-                    encoding: this._platform.encoding,
-                    crypto: this._platform.crypto,
-                });
-                await oidcApi.revokeToken({ token: sessionInfo.accessToken, type: "access" });
-                if (sessionInfo.refreshToken) {
-                    await oidcApi.revokeToken({ token: sessionInfo.refreshToken, type: "refresh" });
+                if (sessionInfo.oidcIssuer) {
+                    const oidcApi = new OidcApi({
+                        issuer: sessionInfo.oidcIssuer,
+                        clientConfigs: this._platform.config.oidc.clientConfigs,
+                        clientId: sessionInfo.oidcClientId,
+                        request: this._platform.request,
+                        encoding: this._platform.encoding,
+                        crypto: this._platform.crypto,
+                    });
+
+                    // if access token revocation fails then we still want to try and revoke the refresh token
+                    try {
+                        await oidcApi.revokeToken({ token: sessionInfo.accessToken, type: "access_token" });
+                    } catch (err) {
+                        console.error(err);
+                    }
+        
+                    if (sessionInfo.refreshToken) {
+                        await oidcApi.revokeToken({ token: sessionInfo.refreshToken, type: "refresh_token" });
+                    }
+                } else {
+                    const hsApi = new HomeServerApi({
+                        homeserver: sessionInfo.homeServer,
+                        accessToken: sessionInfo.accessToken,
+                        request: this._platform.request
+                    });
+                    await hsApi.logout({log}).response();
                }
-            } catch (err) {}
+            } catch (err) {
+                console.error(err)
+            }
            await this.deleteSession(log);
        });
    }
--- a/src/matrix/net/OidcApi.ts
+++ b/src/matrix/net/OidcApi.ts
@ -307,14 +307,14 @@ export class OidcApi<N extends object = SegmentType> {
    async revokeToken({
        token,
        type,
-    }: { token: string, type: "refresh" | "access" }): Promise<void> {
+    }: { token: string, type: "refresh_token" | "access_token" }): Promise<void> {
        const revocationEndpoint = await this.revocationEndpoint();
        if (!revocationEndpoint) {
            return;
        }

        const params = new URLSearchParams();
-        params.append("token_type", type);
+        params.append("token_type_hint", type);
        params.append("token", token);
        params.append("client_id", await this.clientId());
        const body = params.toString();
@ -325,7 +325,6 @@ export class OidcApi<N extends object = SegmentType> {
        const req = this._requestFn(revocationEndpoint, {
            method: "POST",
            headers,
-            format: "json",
            body,
        });