Merge pull request #849 from vector-im/fix/oidc-logout

Fix OIDC logout
This commit is contained in:
Ajay Bura 2022-08-22 16:14:58 +05:30 committed by GitHub
commit b1737c5ad2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 32 additions and 21 deletions

View File

@ -481,12 +481,7 @@ export class Client {
throw new Error(`Could not find session for id ${this._sessionId}`);
}
try {
const hsApi = new HomeServerApi({
homeserver: sessionInfo.homeServer,
accessToken: sessionInfo.accessToken,
request: this._platform.request
});
await hsApi.logout({log}).response();
if (sessionInfo.oidcIssuer) {
const oidcApi = new OidcApi({
issuer: sessionInfo.oidcIssuer,
clientConfigs: this._platform.config.oidc.clientConfigs,
@ -495,11 +490,28 @@ export class Client {
encoding: this._platform.encoding,
crypto: this._platform.crypto,
});
await oidcApi.revokeToken({ token: sessionInfo.accessToken, type: "access" });
if (sessionInfo.refreshToken) {
await oidcApi.revokeToken({ token: sessionInfo.refreshToken, type: "refresh" });
// if access token revocation fails then we still want to try and revoke the refresh token
try {
await oidcApi.revokeToken({ token: sessionInfo.accessToken, type: "access_token" });
} catch (err) {
console.error(err);
}
if (sessionInfo.refreshToken) {
await oidcApi.revokeToken({ token: sessionInfo.refreshToken, type: "refresh_token" });
}
} else {
const hsApi = new HomeServerApi({
homeserver: sessionInfo.homeServer,
accessToken: sessionInfo.accessToken,
request: this._platform.request
});
await hsApi.logout({log}).response();
}
} catch (err) {
console.error(err)
}
} catch (err) {}
await this.deleteSession(log);
});
}

View File

@ -307,14 +307,14 @@ export class OidcApi<N extends object = SegmentType> {
async revokeToken({
token,
type,
}: { token: string, type: "refresh" | "access" }): Promise<void> {
}: { token: string, type: "refresh_token" | "access_token" }): Promise<void> {
const revocationEndpoint = await this.revocationEndpoint();
if (!revocationEndpoint) {
return;
}
const params = new URLSearchParams();
params.append("token_type", type);
params.append("token_type_hint", type);
params.append("token", token);
params.append("client_id", await this.clientId());
const body = params.toString();
@ -325,7 +325,6 @@ export class OidcApi<N extends object = SegmentType> {
const req = this._requestFn(revocationEndpoint, {
method: "POST",
headers,
format: "json",
body,
});