groot/automatisch
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: support bi-directional backchannel SAML SLO

Browse Source
This commit is contained in:
Ali BARIN
2024-05-03 08:28:53 +00:00
parent 40d0fe0db6
commit 3da5e13ecd
6 changed files with 137 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
packages/backend/src/models/access-token.js
View File

@@ -12,6 +12,7 @@ class AccessToken extends Base {
id: { type: 'string', format: 'uuid' },
userId: { type: 'string', format: 'uuid' },
token: { type: 'string', minLength: 32 },
samlSessionId: { type: ['string', 'null'] },
expiresIn: { type: 'integer' },
revokedAt: { type: ['string', 'null'], format: 'date-time' },
},
@@ -28,8 +29,37 @@ class AccessToken extends Base {
},
});
async terminateRemoteSamlSession() {
if (!this.samlSessionId) {
return;
}
const user = await this
.$relatedQuery('user');
const firstIdentity = await user
.$relatedQuery('identities')
.first();
const samlAuthProvider = await firstIdentity
.$relatedQuery('samlAuthProvider')
.throwIfNotFound();
const response = await samlAuthProvider.terminateRemoteSession(this.samlSessionId);
return response;
}
async revoke() {
return await this.$query().patch({ revokedAt: new Date().toISOString() });
const response = await this.$query().patch({ revokedAt: new Date().toISOString() });
try {
await this.terminateRemoteSamlSession();
} catch (error) {
// TODO: should it silently fail or not?
}
return response;
}
}