rgraber
commented
4 days ago Hello! We have so far been unable to reproduce this issue. Can you give us a few more details about your setup? Specifically, which OIDC provider are you using? Also is this in a prod/stage/dev environment? It would also be useful to know any other related auth-related configurations you may have changed in your env
dik23
Description
Once logged in with a social application using OIDC it's not possible to log out again
Steps to Reproduce
Expected behavior
I would expect the logout in Kobo to log out of the OIDC provider using one of the many options available. If not as default then as an option
Actual behavior
User is still logged into the OIDC provider
Additional details
When the user signs up for SSO they're provided with the message
Afterwards, you will only be able to sign in via SSO unless you disable this setting hereThis means that it's impossible for a second SSO user to log in, because the original user is logged in and the second user can only log in with SSO
Things I've tried
Putting
LOGOUT_REDIRECT_URLin envfile.txt, envfiles/kpi.txt and runtime_variables_kpi.source.bashAdding various options along with
"server_url": "https://into the django admin > Social applications > Settings field in Kobo including"LOGOUT_REDIRECT_URL": "https://,"ACCOUNT_LOGOUT_ON_GET": "True","post_logout_redirect_uri": "https://,"prompt": "consent","http_logout_supported": "true","logout_session_supported": "true","end_session_endpoint": "https://,"frontchannel_logout_uri": "https://,"frontchannel_logout_session_required": "true","frontchannel_logout_session_supported": "true"At no point can the user logout
Other information
This looks similar to this issue in django-allauth, which includes a couple of ways that people have worked around