fix: make sure logout is only prompted from oidc flow

Signed-off-by: jnfrati <nicofrati@gmail.com>
This commit is contained in:
jnfrati
2026-04-08 16:25:24 +02:00
parent cf541e785e
commit 16e43dadc6


@@ -496,7 +496,17 @@ func (p *Provider) Storage() storage.Storage {
// Handler returns the Dex server as an http.Handler for embedding in another server.
// The handler expects requests with path prefix "/oauth2/".
func (p *Provider) Handler() http.Handler {
return p.dexServer
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// NOTE: by default Dex will use the /logout route to only logout sessions, doesn't invalidate jwt tokens,
// to avoid confusion on users, we're not allowing for this, and only enable OIDC logout triggered through
// the dashboard which will invalidate both the session and the jwt token
if strings.HasSuffix(r.URL.Path, "/logout") && r.FormValue("id_token_hint") == "" {
http.Redirect(w, r, "/", http.StatusSeeOther)
return
}
p.dexServer.ServeHTTP(w, r)
})
}
// CreateUser creates a new user with the given email, username, and password.
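Review bot: The doc comment on `Handler` at the top of the hunk is now stale — it still says the method returns the Dex server itself, while the new body wraps it in an `http.HandlerFunc` that intercepts `/logout`. Suggest rewording it to `// Handler returns an http.Handler that wraps the Dex server for embedding in another server.` followed by `// Requests to /logout that carry no id_token_hint are redirected to "/" so that only RP-initiated OIDC logout reaches Dex.` The gate is a presence check only (`r.FormValue("id_token_hint") == ""`); validation of the hint is presumably left to Dex's own handler, which is outside this hunk, and the NOTE comment should say so explicitly rather than implying the wrapper verifies anything. `strings.HasSuffix(r.URL.Path, "/logout")` also matches any path ending in that segment and misses a trailing-slash variant, so an exact comparison against the mounted logout path would make the intent precise if the router guarantees the prefix. Whether `strings` is already imported cannot be seen from this hunk.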