Support configuring Back-Channel Logout URLs for a Client #202

Merged
merged 2 commits into from
May 11, 2023
8 changes: 8 additions & 0 deletions management/client.go
Expand Up @@ -110,6 +110,9 @@ type Client struct {

// If `true` then the client will require Pushed Authorization Requests
RequirePushedAuthorizationRequests *bool `json:"require_pushed_authorization_requests,omitempty"`

// URLs that are valid to call back from Auth0 for OIDC backchannel logout.
OIDCBackchannelLogout *OIDCBackchannelLogout `json:"oidc_backchannel_logout,omitempty"`
Contributor

What happens if a user tries to set this value but the tenant doesn't have the feature flag? Is it obvious what to do from the error message? If not, could we append some additional info here to alert the user that the feature flag needs to be enabled on the tenant until this is GAed?

Contributor Author

Setting this property will return Failed 400 Bad Request: Payload validation error: 'Additional properties not allowed: oidc_backchannel_logout', but attempting to set RequirePushedAuthorizationRequests will return 403 Forbidden: The account is not allowed to perform this operation, please contact our support team.

I'll look to update both of these to include a note around ensuring they are enabled.

Contributor

Sounds good 👍🏻 we can do that in another PR then

}

// ClientJWTConfiguration is used to configure JWT settings for our Client.
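
Review bot: The doc comment on the new `OIDCBackchannelLogout` field in `Client` describes a list of URLs, but the field is a pointer to a settings struct that wraps that list, so the comment does not match what a caller sets here. Suggest wording along the lines of `// OIDCBackchannelLogout holds the client's OIDC Back-Channel Logout settings.` and, as raised in the thread, a note that the feature must be enabled on the tenant, since the API otherwise rejects the property with a 400 payload validation error that does not name the cause.
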
Expand Down Expand Up @@ -219,6 +222,11 @@ type PrivateKeyJWT struct {
Credentials *[]Credential `json:"credentials,omitempty"`
}

// OIDCBackchannelLogout defines the `oidc_backchannel_logout` settings for the client.
type OIDCBackchannelLogout struct {
BackChannelLogoutURLs *[]string `json:"backchannel_logout_urls,omitempty"`
}

// ClientList is a list of Clients.
type ClientList struct {
List
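
Review bot: The exported field `BackChannelLogoutURLs` capitalises "BackChannel" as two words, while the type name `OIDCBackchannelLogout` and the JSON tag `backchannel_logout_urls` treat it as one. Settle on one spelling (for example `BackchannelLogoutURLs`) before release, because renaming an exported field later is a breaking change. The field also has no doc comment of its own; a line stating that these are the URLs Auth0 calls for OIDC back-channel logout belongs on it.
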
21 changes: 21 additions & 0 deletions management/management.gen.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

25 changes: 25 additions & 0 deletions management/management.gen_test.go
