Merge pull request #849 from vector-im/fix/oidc-logout

Fix OIDC logout
Ajay Bura 2022-08-22 16:14:58 +05:30 committed by GitHub
commit b1737c5ad2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 32 additions and 21 deletions


@ -481,12 +481,7 @@ export class Client {
throw new Error(`Could not find session for id ${this._sessionId}`); throw new Error(`Could not find session for id ${this._sessionId}`);
} }
try { try {
const hsApi = new HomeServerApi({ if (sessionInfo.oidcIssuer) {
homeserver: sessionInfo.homeServer,
accessToken: sessionInfo.accessToken,
request: this._platform.request
});
await hsApi.logout({log}).response();
const oidcApi = new OidcApi({ const oidcApi = new OidcApi({
issuer: sessionInfo.oidcIssuer, issuer: sessionInfo.oidcIssuer,
clientConfigs: this._platform.config.oidc.clientConfigs, clientConfigs: this._platform.config.oidc.clientConfigs,
@ -495,11 +490,28 @@ export class Client {
encoding: this._platform.encoding, encoding: this._platform.encoding,
crypto: this._platform.crypto, crypto: this._platform.crypto,
}); });
await oidcApi.revokeToken({ token: sessionInfo.accessToken, type: "access" });
if (sessionInfo.refreshToken) { // if access token revocation fails then we still want to try and revoke the refresh token
await oidcApi.revokeToken({ token: sessionInfo.refreshToken, type: "refresh" }); try {
await oidcApi.revokeToken({ token: sessionInfo.accessToken, type: "access_token" });
} catch (err) {
console.error(err);
}
if (sessionInfo.refreshToken) {
await oidcApi.revokeToken({ token: sessionInfo.refreshToken, type: "refresh_token" });
}
} else {
const hsApi = new HomeServerApi({
homeserver: sessionInfo.homeServer,
accessToken: sessionInfo.accessToken,
request: this._platform.request
});
await hsApi.logout({log}).response();
}
} catch (err) {
console.error(err)
} }
} catch (err) {}
await this.deleteSession(log); await this.deleteSession(log);
}); });
} }
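Review bot: A failed revocation is only written to the console by the two new `catch (err) { console.error(err) }` blocks, and `deleteSession(log)` then discards the local copy of the tokens, so a refresh token whose revocation failed stays valid at the issuer with nothing left to retry it. Record the failure on the `log` that is already in scope and surface it to the caller, so the user is not shown a clean logout while the token is still live. It is also worth checking what `err` carries: the revocation request body holds the token itself, and if the error object includes the request, `console.error(err)` would print it. At minimum add a comment above the outer catch, `// best effort: a failed revocation leaves the token valid at the issuer; the local session is deleted regardless`. The enclosing method starts above the hunk.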


@ -307,14 +307,14 @@ export class OidcApi<N extends object = SegmentType> {
async revokeToken({ async revokeToken({
token, token,
type, type,
}: { token: string, type: "refresh" | "access" }): Promise<void> { }: { token: string, type: "refresh_token" | "access_token" }): Promise<void> {
const revocationEndpoint = await this.revocationEndpoint(); const revocationEndpoint = await this.revocationEndpoint();
if (!revocationEndpoint) { if (!revocationEndpoint) {
return; return;
} }
const params = new URLSearchParams(); const params = new URLSearchParams();
params.append("token_type", type); params.append("token_type_hint", type);
params.append("token", token); params.append("token", token);
params.append("client_id", await this.clientId()); params.append("client_id", await this.clientId());
const body = params.toString(); const body = params.toString();
@ -325,7 +325,6 @@ export class OidcApi<N extends object = SegmentType> {
const req = this._requestFn(revocationEndpoint, { const req = this._requestFn(revocationEndpoint, {
method: "POST", method: "POST",
headers, headers,
format: "json",
body, body,
}); });
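Review bot: `revokeToken` resolves normally when `revocationEndpoint()` returns nothing (`if (!revocationEndpoint) { return; }`), so the logout caller cannot distinguish a revoked token from one that was never submitted. Document that on the method, e.g. `/** Resolves without sending anything if the issuer advertises no revocation endpoint; resolution is not proof of revocation. */`, or log the skipped revocation at that point. With `format: "json"` removed, the response handling sits below the hunk and is not visible here; confirm that a non-2xx status from the revocation endpoint rejects rather than counting as success.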