oauthenticator icon indicating copy to clipboard operation
oauthenticator copied to clipboard

Published 20 hours ago verified publisher icon jupyterhub

[All] Add post_logout_redirect_uri configuration

Open pylanglois opened this issue 2 years ago • 5 comments

To logout, the openid specs requires a id_token_hint as parameter which is provided along with the access_token. So I added that value to the auth_state. After logout, it is possible to provide a URI where the user is redirected. This URI can be set with the traitlets post_logout_redirect_uri.

https://openid.net/specs/openid-connect-rpinitiated-1_0.html#RPLogout

pylanglois avatar Aug 08 '22 14:08 pylanglois

Thanks for submitting your first pull request! You are awesome! :hugs:
If you haven't done so already, check out Jupyter's Code of Conduct. Also, please make sure you followed the pull request template, as this will help us review your contribution more quickly. welcome You can meet the other Jovyans by joining our Discourse forum. There is also a intro thread there where you can stop by and say Hi! :wave:
Welcome to the Jupyter community! :tada:

welcome[bot] avatar Aug 08 '22 14:08 welcome[bot]

Note that you need to request the 'openid' scope to get an 'id_token'

c.GenericOAuthenticator.scope = ["openid"]

pylanglois avatar Aug 09 '22 13:08 pylanglois

@GeorgianaElena Any update on this? :)

nguyentritai2906 avatar Feb 27 '23 10:02 nguyentritai2906

Quick workaround without the need of id_token_hint: use client_id=<clientid>. This will allows logout to work, however user will need to confirm on Keycloak/OAuth provider side to logout (2 clicks instead of just 1)

n0k0m3 avatar Apr 20 '23 02:04 n0k0m3

For some reason, extra_params with client_id and secret needs to be present in your config file.

c.GenericOAuthenticator.extra_params = { "client_id": "your-client", "client_secret": "your-secret", }

pylanglois avatar May 29 '23 19:05 pylanglois