feat: delete OAuth refresh token on RP initiated logout (#1480)

Elias Schneider
2026-05-19 17:05:44 +02:00
committed by GitHub
parent b9fdd530c0
commit 9dd3d319cf
16 changed files with 230 additions and 39 deletions


@@ -311,6 +311,12 @@ func (oc *OidcController) EndSessionHandler(c *gin.Context) {
// The validation was successful, so we can log out and redirect the user to the callback URL without confirmation
cookie.AddAccessTokenCookie(c, 0, "")
// Callback URL can be empty if none is configured
if callbackURL == "" {
c.Redirect(http.StatusFound, common.EnvConfig.AppURL+"/logout")
return
}
logoutCallbackURL, _ := url.Parse(callbackURL)
if input.State != "" {
q := logoutCallbackURL.Query()