jkroepke / openvpn-auth-oauth2

openvpn-auth-oauth2 is a plugin/management interface client for OpenVPN server to handle OIDC-based single sign-on (SSO) auth flows
https://github.com/jkroepke/openvpn-auth-oauth2/wiki
MIT License

How to log out from a session? #354

Open croessner opened 8 hours ago

croessner commented 8 hours ago

Problem Statement

Good things first:

I can successfully use Ory-Hydra as OIDC-server with my project Nauthilus (which implements hydra endpoints...).

I see the login page and I can enter user, password, TOTP and the connection is established. Very well!

Not using default browser (Brave)

But now I wonder how I could log out from the session. Viscosity does not use my default browser Brave. Also, Safari does not seem to be the browser Viscosity used to log in.

Hydra can remember a logged-in session for some time (in my case, a week). If you want to log out earlier, I would visit: https://oauth.******.me:4444/oauth2/sessions/logout

How can I log out from Viscosity?

As this project has listed SparkLabs, I hope this is the right place for my question.

Additional

I have added my env further down. Feel free to add Ory-Hydra and Nauthilus to your docs.

openvpn-auth-oauth2 logs

There are no issues when connecting.

Environment

My running config for this OIDC-provider looks like this, in case you want to add it to your docs:

CONFIG_OAUTH2_PROVIDER="generic"
CONFIG_OAUTH2_ISSUER="https://oauth.******.me:4444"
CONFIG_OAUTH2_CLIENT_ID="******"
CONFIG_OAUTH2_CLIENT_SECRET="******"
CONFIG_OAUTH2_SCOPES="openid profile"

Created hydra client like this:

docker exec -it hydra \
  hydra create oauth2-client \
    --endpoint https://oauth.******.me:4445 \
    --format json \
    --name "OpenVPN" \
    --grant-type authorization_code,refresh_token \
    --response-type token,code,id_token \
    --token-endpoint-auth-method client_secret_post \
    --redirect-uri https://oauth2-baseurl-goes-here/oauth2/callback \
    --scope openid,profile \
    --contact optional@mailaddress.tld \
    --owner optional@mailaddress.tld \
    --policy-uri https://******/datenschutz/ \
    --tos-uri https://******/impressum/ \
    --client-uri https://******/anwendungen/ \
    --skip-consent

jkroepke commented 7 hours ago

There should be an option on the Viscosity side to clear session cookies OR not store session cookies for the internal web view browser.

To the best of my knowledge, I guess such an option does not exist, but that needs to be implemented on the Viscosity side. If you are a Viscosity customer, you may have to reach out to Viscosity support for that.