envoy-oauth2-filter-google icon indicating copy to clipboard operation
envoy-oauth2-filter-google copied to clipboard

Published 20 hours ago verified publisher icon veehaitch

`signout_path`: Does it work?

Open mbana opened this issue 3 years ago • 1 comments

Hello, nice example you have but I was wondering if the signout_path path works.

I'm referring to:

https://github.com/veehaitch/envoy-oauth2-filter-google/blob/main/envoy/envoy.yaml#L42

In my case after visiting http://localhost:8080/oauth2/signout, after having logged in of course, I get redirected to http://localhost:8080/. If after attempting to do the signout and then going back to http://localhost:8080/oauth2 I can still see the upstream values, which indicates to me that it hasn't cleared the cookies.

mbana avatar Sep 05 '22 15:09 mbana

This happens because the API does not have unprotected routes. From the Auth0 docs:

Logout issues Make the logout redirect URL an anonymous page (not protected by login) so that redirects to the logout redirect URL do not immediately trigger a login, which may confuse users.

Is there a way to have unprotected routes in Envoy when OAuth is enabled?

aabedraba avatar Sep 06 '22 09:09 aabedraba