search

nginxinc / kubernetes-ingress

NGINX and NGINX Plus Ingress Controllers for Kubernetes
https://docs.nginx.com/nginx-ingress-controller
Apache License 2.0
4.59k stars 1.95k forks source link

Be logged out on IDP side #4989

Open llomgui opened 5 months ago

llomgui commented 5 months ago

Is your feature request related to a problem? Please describe. With the current oidc configuration, if you go on https://domain.org/logout, it only clears the cookies from Nginx perspective, not from IDP. As describe in Auth0 documentation, you need to redirect the user on IDP's logout endpoint.

Describe the solution you'd like The solution is to redirect the user on IDP's logout endpoint with the correct arguments. On the IDP side, you can specify the Nginx logout endpoint /_logout and then Nginx will redirect to a final page https://domain.org/login.

Nginx teams already done that in a previous project. Not implemented on this one. https://github.com/nginx-openid-connect/nginx-oidc-auth0/blob/main/oidc.js#L178 https://github.com/nginx-openid-connect/nginx-oidc-auth0/blob/main/oidc_nginx_server.conf#L132

### UACs
- [ ] Test and validate changes in https://github.com/nginxinc/kubernetes-ingress/pull/4986 with [updates merged to NGINX OIDC repo](https://github.com/nginxinc/nginx-openid-connect/pull/96)
github-actions[bot] commented 5 months ago

Hi @llomgui thanks for reporting!

Be sure to check out the docs and the Contributing Guidelines while you wait for a human to take a look at this :slightly_smiling_face:

Cheers!

brianehlert commented 2 weeks ago

The OIDC reference implementation has been updated and NIC needs to be refreshed to align. @danielnginx @shaun-nx