feat: Add oidc-post-logout-redirect-url config option #1448 (#1462)

h2oai · May 31, 2022 · 3ed90eb · 3ed90eb
1 parent c3f155f
commit 3ed90eb
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 1 deletion.
diff --git a/auth.go b/auth.go
@@ -444,8 +444,12 @@ func (h *LogoutHandler) redirect(w http.ResponseWriter, r *http.Request, idToken
 		return
 	}
 
+	post_logout_redirect_url := h.auth.conf.PostLogoutRedirectURL
+	if post_logout_redirect_url != "" {
+		post_logout_redirect_url = r.Host
+	}
 	query := redirectURL.Query()
-	query.Set("post_logout_redirect_uri", r.Host)
+	query.Set("post_logout_redirect_uri", post_logout_redirect_url)
 	if len(idToken) > 0 {
 		// required by Okta
 		// https://developer.okta.com/docs/reference/api/oidc/#logout

diff --git a/cmd/wave/main.go b/cmd/wave/main.go
@@ -116,6 +116,7 @@ func main() {
 	stringVar(&auth.ProviderURL, "oidc-provider-url", "", "OIDC provider URL")
 	stringVar(&auth.RedirectURL, "oidc-redirect-url", "", "OIDC redirect URL")
 	stringVar(&auth.EndSessionURL, "oidc-end-session-url", "", "OIDC end session URL")
+	stringVar(&auth.PostLogoutRedirectURL, "oidc-post-logout-redirect-url", "", "OIDC post logout redirect URL")
 	stringVar(&rawAuthScopes, "oidc-scopes", "", "OIDC scopes, comma-separated (default \"openid,profile\")")
 	stringVar(&rawAuthURLParams, "oidc-auth-url-params", "", "additional URL parameters to pass during OIDC authorization, in the format \"key:value\", comma-separated, e.g. \"foo:bar,qux:42\"")
 	boolVar(&auth.SkipLogin, "oidc-skip-login", false, "do not display the login form during OIDC authorization")

diff --git a/conf.go b/conf.go
@@ -69,6 +69,7 @@ type AuthConf struct {
 	ProviderURL       string
 	RedirectURL       string
 	EndSessionURL     string
+	PostLogoutRedirectURL string	
 	Scopes            []string
 	URLParameters     [][]string
 	SkipLogin         bool

diff --git a/website/docs/configuration.md b/website/docs/configuration.md
@@ -61,6 +61,8 @@ Usage of ./waved:
         OIDC provider URL
   -oidc-redirect-url string
         OIDC redirect URL
+  -oidc-post-logout-redirect-url string
+        OIDC post logout redirect URL
   -oidc-scopes
         OIDC scopes separated by comma (default "openid,profile")
   -oidc-skip-login
@@ -114,6 +116,7 @@ H2O_WAVE_OIDC_CLIENT_SECRET
 H2O_WAVE_OIDC_END_SESSION_URL
 H2O_WAVE_OIDC_PROVIDER_URL
 H2O_WAVE_OIDC_REDIRECT_URL
+H2O_WAVE_OIDC_POST_LOGOUT_REDIRECT_URL
 H2O_WAVE_OIDC_SCOPES
 H2O_WAVE_OIDC_SKIP_LOGIN [1]
 H2O_WAVE_SESSION_EXPIRY