Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OAuth2/OpenID - Logout - State param missing #182

Closed
Gaetanbrl opened this issue Feb 13, 2025 · 3 comments
Closed

OAuth2/OpenID - Logout - State param missing #182

Gaetanbrl opened this issue Feb 13, 2025 · 3 comments

Comments

@Gaetanbrl
Copy link

Gaetanbrl commented Feb 13, 2025
edited
Loading

ref #175

ProConnect FS needs state params to accept a logout request (here expected params documentation).

However, the Gateway, don't return this param and ProConnect Logout request fail (bad request status).

Here an expected (valid) ProConnect Logout request (example from previous doc link).

state=3b7bd7fb38ccab89864563f17a89c4cb3bd400164ce828b4cfc2cb01ce8ed9da&

GET /api/v2/session/end?id_token_hint=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI3MDRlMDI0Mj
I5MDE1ZDJiZDQ3ZjdhNWU1YWIwNWIzNWM4MzM2YWI0MDNjMzgwMjI5ODVmOGNmYWRjODZmZTkxIiwiYW1yIjpbInB3ZCJdLCJ
hdXRoX3RpbWUiOjE2Njg1MzAzMjYsImFjciI6ImVpZGFzMSIsIm5vbmNlIjoiYWZjODFmZGExZmJiNmQzYzg3NmFmNzVjNzM3
YTEzMDdhMWIyOWJhMDg3M2VmYTA1OWU0NTM1ZDEyMmM5ZGI1YSIsImF0X2hhc2giOiJJVEJTV1J2NW1HRmxxTGQ0Sm5nbnRnI
iwiYXVkIjoiNjkyNWZiODE0M2M3NmVkZWQ0NGQzMmI0MGMwY2IxMDA2MDY1ZjdmMDAzZGU1MjcxMmI3ODk4NTcwNGYzOTk1MC
IsImV4cCI6MTY2ODUzMDM4NiwiaWF0IjoxNjY4NTMwMzI2LCJpc3MiOiJodHRwczovL2ZjYS5pbnRlZzAxLmRldi1hZ2VudGN
vbm5lY3QuZnIvYXBpL3YyIn0.hg1n4WJbzZECwz4VldAybXYreEXJ4fxpSWqDs9V4tTk&
state=3b7bd7fb38ccab89864563f17a89c4cb3bd400164ce828b4cfc2cb01ce8ed9da&
post_logout_redirect_uri=https%3A%2F%2Ffsa1v2.integ01.dev-agentconnect.fr%2Flogout-callback HTTP/1.1
Host: fca.integ01.dev-agentconnect.fr
@Gaetanbrl Gaetanbrl changed the title OAuth2/OpenID - Logout - State missing OAuth2/OpenID - Logout - State param missing Feb 13, 2025
@Gaetanbrl
Copy link
Author

This STATE params seems not includes in spring-security-oauth2-client end point URI builder...

https://github.com/spring-projects/spring-security/blob/31fb7feed5fdb8722639254661208d5eebf460cd/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandler.java#L109-L116

See default query params (state missing) :

Image

@Gaetanbrl
Copy link
Author

Does anyone know how to add this parameter to the logout URL?

Thanks.

@Gaetanbrl
Copy link
Author

I close,
Logout error is due to wrong post logout redirect url.

ProConnect side action is required to match URLs correctly.

See :

georchestra-gateway/gateway/src/main/java/org/georchestra/gateway/security/oauth2/OAuth2Configuration.java

Line 124 in 2f86428

logoutHandler.setPostLogoutRedirectUri("{baseUrl}/login?logout");

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Gaetanbrl