search

stonith404 / pingvin-share

A self-hosted file sharing platform that combines lightness and beauty, perfect for seamless and efficient file sharing.
https://stonith404.github.io/pingvin-share/
BSD 2-Clause "Simplified" License
3.07k stars 224 forks source link

🚀 Feature: Option to logout from OpenID Connect provider #598

Open marvinruder opened 1 week ago

marvinruder commented 1 week ago

đź”– Feature description

Given a user logged in via OpenID Connect and the discovery URI response shows that a front channel logout is supported (i.e., the frontchannel_logout_supported is true and end_session_endpoint holds a URI), when clicking the “Sign out” button, then the user is logged out from the OpenID Connect provider by redirecting to the end_session_endpoint URI.

🎤 Pitch

Currently (since 7dc2e56fee1afc1078774cc702c0f1fee9bae938), logging out while only one OAuth provider is present and password login is disabled leads to a page reload and then a redirect to the login flow and I am logged in again immediately after. To log out in this setup one would have to log out from the OpenID Connect provider as well, which is supported by the OpenID Connect specification under the name of “Front-channel logout”.

alexlehm commented 1 week ago

I believe this would work if show homepage is on and the logout button would redirect to / instead of the current page like /upload

harukodi commented 1 week ago

I've encountered the same problem. Did you manage to find a solution?

alexlehm commented 1 week ago

As a temporary solution I would delete the cookie access_token and go to the start page (this requires the start page to be active of course)