grist-core
[OIDC] `post_logout_redirect_uri` is wrong when `ORG_IN_PATH=true`
Describe the current behavior
The URL after logging out of Grist is https://{URL}/o/{ORG}/signed-out when it should be something like https://{URL}/signed-out
Indeed, the OIDC spec states that `post_logout_redirect_uri` "MUST have been previously registered with the OP, either using the post_logout_redirect_uris Registration parameter or via another mechanism."
However, it is impossible to register all possible org-specific logout URLs. You can't register a wildcarded URL either, such as https://{URL}/o/*/signed-out
Steps to reproduce
- Create a Grist instance with `ORG_IN_PATH` set to `true`
- Log in
- Navigate to a team site
- Log out
Describe the expected behavior
Logout URL should not depend on which team site you sign out from.
https://{URL}/signed-out seems sensible as a value.
Where have you encountered this bug?
- [ ] On docs.getgrist.com
- [X] On a self-hosted instance
Instance information (when self-hosting only)
- Grist instance:
- Version: 1.1.18
- Installation mode: k8s
- Architecture: multi-workers
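
The mismatch described in this report, as an added example that is not part of the original issue and is not Grist's code: an OP-side check that compares `post_logout_redirect_uri` against the registered list, next to an org-scoped and an org-independent way of building the signed-out URL. The host `grist.example.com`, the org `acme`, the function names, and the exact-string comparison on the OP side are assumptions made for illustration.

```javascript
// Added example; all names and URLs below are constructed, not taken from Grist.

// Post-logout redirect URIs registered with the OP for this client (constructed).
const REGISTERED = ["https://grist.example.com/signed-out"];

// OP side (assumption: exact string comparison, no wildcard or prefix matching).
function opAcceptsLogoutRedirect(uri, registered = REGISTERED) {
  return registered.includes(uri);
}

// RP side, behaviour reported in the issue: with ORG_IN_PATH=true the
// signed-out URL keeps the /o/{ORG} prefix of the team site the user was on.
function orgScopedSignedOutUrl(currentUrl) {
  const u = new URL(currentUrl);
  const m = u.pathname.match(/^\/o\/([^/]+)(?:\/|$)/);
  const prefix = m ? `/o/${m[1]}` : "";
  return `${u.origin}${prefix}/signed-out`;
}

// RP side, expected behaviour: one URL that does not depend on the team site,
// so a single value can be registered with the OP.
function stableSignedOutUrl(currentUrl) {
  return new URL("/signed-out", currentUrl).href;
}

// Build the RP-initiated logout request; id_token_hint and
// post_logout_redirect_uri are the parameter names defined by the OIDC spec.
function buildEndSessionUrl(endSessionEndpoint, idTokenHint, redirectUri) {
  const url = new URL(endSessionEndpoint);
  url.searchParams.set("id_token_hint", idTokenHint);
  url.searchParams.set("post_logout_redirect_uri", redirectUri);
  return url.href;
}

// Constructed walk-through: the same page yields two different redirect URIs.
const page = "https://grist.example.com/o/acme/doc123";
for (const uri of [orgScopedSignedOutUrl(page), stableSignedOutUrl(page)]) {
  console.log(uri, "accepted by OP:", opAcceptsLogoutRedirect(uri));
}
```
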