WIP: Use OIDC library signout function

THM-Health · Jul 25, 2024 · 863a94c · 863a94c
1 parent 4eb4847
commit 863a94c
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 12 deletions.
diff --git a/app/Auth/OIDC/OIDCController.php b/app/Auth/OIDC/OIDCController.php
@@ -101,17 +101,20 @@ public function logout(Request $request)
         }
     }
 
-    // FIXME: This is more or less a very ugly reimplementation of
-    //        https://github.com/jumbojett/OpenID-Connect-PHP/blob/master/src/OpenIDConnectClient.php#L436
-    //        without the redirect at the end and with a hard-coded end_session_endpoint.
-    public function logoutRedirectURL()
+    /**
+     * Frontchannel logout
+     */
+    public function signout(Request $request)
     {
-        $issuer = config('services.oidc.issuer');
-        $params = array(
-            'client_id' => config('services.oidc.client_id'),
-            'id_token_hint' => session('oidc_id_token'),
-            'post_logout_redirect_uri' => url('/logout'),
-        );
-        return "$issuer/protocol/openid-connect/logout?".http_build_query($params);
+        $this->oidc->signOut($request['id_token'], $request['logout_url']);
+    }
+
+    public function signoutRedirectURL(string $logout_url)
+    {
+        $params = [
+            'id_token' => session('oidc_id_token'),
+            'logout_url' => $logout_url,
+        ];
+        return url("/auth/oidc/signout?".http_build_query($params));
     }
 }
diff --git a/app/Http/Controllers/api/v1/auth/LoginController.php b/app/Http/Controllers/api/v1/auth/LoginController.php
@@ -72,7 +72,7 @@ public function logout(Request $request)
                 $redirect = app(ShibbolethProvider::class)->logout(url('/logout'));
                 break;
             case 'oidc':
-                $redirect = app(OIDCController::class)->logoutRedirectURL();
+                $redirect = app(OIDCController::class)->signoutRedirectURL(url('/logout'));
                 break;
         }
 

diff --git a/routes/web.php b/routes/web.php
@@ -35,6 +35,7 @@
     Route::get('auth/oidc/redirect', [OIDCController::class, 'redirect'])->name('auth.oidc.redirect');
     Route::get('auth/oidc/callback', [OIDCController::class, 'callback'])->name('auth.oidc.callback');
     Route::match(['get', 'post'], 'auth/oidc/logout', [OIDCController::class, 'logout'])->name('auth.oidc.logout');
+    Route::get('auth/oidc/signout', [OIDCController::class, 'signout'])->name('auth.oidc.signout');
 });
 
 if (config('greenlight.compatibility')) {