Open oculos opened 1 year ago
Hi! Which version of flask-oidc are you running? I don't see a logout route applied to the main app in the current code.
I know this is an old issue but I had the same issue. It took me too long to figure this out but that route is defined in https://github.com/fedora-infra/flask-oidc/blob/develop/flask_oidc/views.py#L78
And, in case this is useful to other people trying to fix logout, this version doesn't log the user out of their keycloak session so I ended up defining a different route ("/logmeout") which does this:
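```python
from flask import redirect, request, session
from yarl import URL

# `server` is the Flask app and `oidc` the OpenIDConnect instance, both defined elsewhere.
@server.route('/logmeout')
@oidc.require_login
def logout():
    url = oidc.client_secrets.get('issuer')
    # Referer may be absent; fall back to this app's own URL so URL() does not get None
    referer = URL(request.headers.get('Referer') or request.host_url)
    hosturl = referer.origin()
    # make flask-oidc throw away the auth token (default avoids KeyError if already gone)
    session.pop('oidc_auth_token', None)
    # make keycloak throw away the session
    return redirect('%s/protocol/openid-connect/logout?client_id=myclient-app&post_logout_redirect_uri=%s' %
                    (url, hosturl))
```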
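An added example, not part of any comment in this thread and not flask-oidc code: the route above takes `post_logout_redirect_uri` from the `Referer` header and interpolates it unencoded, so this version only accepts an allowlisted origin and percent-encodes the query string. The hostnames, the allowlist and the helper names are assumptions; `id_token_hint` is the optional parameter defined by the RP-Initiated Logout spec.

```python
from urllib.parse import urlencode, urlsplit

# Assumed configuration (constructed values, not from the thread).
ALLOWED_POST_LOGOUT = {"https://app.example.test"}
DEFAULT_POST_LOGOUT = "https://app.example.test"


def origin_of(url):
    """Return scheme://host[:port] of an absolute http(s) URL, else None."""
    if not url:
        return None
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc.lower()}"


def choose_post_logout_uri(referer):
    """Use the Referer's origin only when it is allowlisted, else the default."""
    origin = origin_of(referer)
    return origin if origin in ALLOWED_POST_LOGOUT else DEFAULT_POST_LOGOUT


def build_logout_url(issuer, client_id, referer=None, id_token_hint=None):
    """Build the Keycloak logout URL with every parameter percent-encoded."""
    params = {
        "client_id": client_id,
        "post_logout_redirect_uri": choose_post_logout_uri(referer),
    }
    if id_token_hint:
        # Lets the provider identify the session being ended.
        params["id_token_hint"] = id_token_hint
    base = issuer.rstrip("/") + "/protocol/openid-connect/logout"
    return f"{base}?{urlencode(params)}"


if __name__ == "__main__":
    issuer = "https://sso.example.test/realms/demo"  # constructed issuer
    # A Referer from an unlisted origin falls back to the default target.
    print(build_logout_url(issuer, "myclient-app", "https://other.example.net/x"))
    print(build_logout_url(issuer, "myclient-app", "https://app.example.test/home"))
```

In a Flask route the return value would be passed to `redirect()` after the local session entry is removed, as in the comment above.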
Thanks for posting here @brucewilson !
It looks like this relies on the RP-Initiated Logout spec, which is not a draft anymore. There is even an Authlib ticket about implementing it there, Authlib being the library we use in flask-oidc. Once they have implemented it, I'd be happy to add it to Flask-OIDC, or review a PR that would add it.
In the meantime I hope your implementation will help other users, thanks again!
Oh, it would be great to have it implemented by flask-oidc!
I am trying to modify the `@app.route('/logout')` function.
However, even if I erase the decoration and the function, I still get a default behavior for the /logout endpoint, which is a redirect to the root url.
Is it so? Is there a way to configure it differently?