
Add OIDC end session endpoint and custom query params

Open shawnhankim opened this issue 2 years ago • 1 comments

Issue:

  • https://github.com/nginxinc/nginx-openid-connect/issues/70

Summary:

  • Added the IdP's end session endpoint to terminate the user session on the IdP's side.
  • Added the customizable variable to support different query parameters from each IdP.
  • Enhanced RP's callback URI for NGINX to clean cookies and redirect to the OIDC logout landing page.

Description:

  • Added a map variable, $oidc_end_session_endpoint, in the same way as the authorization and token endpoints in openid_connect_configuration.conf.

  • Added a map variable, $oidc_logout_landing_page, to determine where to redirect the browser after a successful logout from the IdP.

  • Added a map variable, $oidc_end_session_query_params, to support different query parameters for each IdP.

  • Enhanced /logout location:

    • Add query parameters using $oidc_end_session_query_params for the $oidc_end_session_endpoint.
    • NGINX Plus: cleared tokens.
    • Redirected to the $oidc_end_session_endpoint to start ending session in the IdP.
  • Enhanced /_logout location:

    • Redirected by the IdP when the IdP has successfully finished the session.
    • Clean cookies
    • NGINX Plus: Redirect to the $oidc_logout_landing_page.

shawnhankim Dec 22 '22 02:12
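The /logout redirect described in the PR above, sketched as an added example (not code from nginx-openid-connect or from the PR author). It is plain JavaScript for Node.js rather than njs, the function name, parameter sets and URLs are hypothetical, and only the three `$oidc_*` variable names come from the PR:

```javascript
// Added example. Builds the URL the browser is sent to from /logout.
//   endSessionEndpoint : value of $oidc_end_session_endpoint ('' if the IdP has none)
//   queryParams        : name/value pairs standing in for $oidc_end_session_query_params
//   landingPage        : value of $oidc_logout_landing_page
function buildLogoutRedirect(endSessionEndpoint, queryParams, landingPage) {
    if (!endSessionEndpoint) {
        // No IdP-side logout configured: only the local session can be ended.
        return landingPage;
    }
    const url = new URL(endSessionEndpoint);
    if (url.protocol !== 'https:') {
        // The redirect may carry an ID token, so refuse cleartext endpoints.
        throw new Error('end session endpoint must use https');
    }
    for (const [name, value] of Object.entries(queryParams)) {
        if (value === undefined || value === null || value === '') {
            continue; // drop parameters this session has no value for
        }
        // searchParams percent-encodes the value and keeps any query
        // string already present on the configured endpoint.
        url.searchParams.set(name, value);
    }
    return url.toString();
}

// Constructed sample data: one IdP using the parameter names from
// OpenID Connect RP-Initiated Logout, one using its own names.
const standardParams = {
    id_token_hint: 'abc.def.ghi',
    post_logout_redirect_uri: 'https://app.example.com/_logout'
};
const customParams = {
    client_id: 'my-client',
    logout_uri: 'https://app.example.com/_logout',
    state: '' // empty, so it is omitted from the URL
};

console.log(buildLogoutRedirect('https://idp.example.com/oidc/logout',
    standardParams, '/logout_page.html'));
console.log(buildLogoutRedirect('https://idp2.example.com/logout?tenant=t1',
    customParams, '/logout_page.html'));
```

With the standard parameter set the ID token travels in the redirect URL, so it can show up in browser history and in proxy or access logs along the way.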

@route443 :

  • Thanks for your detailed review of the PR.
  • This PR is a simplification of the previous PR.
  • To make this repo easier for you to manage and to reduce any concerns about the enhancements, based on the reviews on the PR, I have divided a big PR into small PRs, and this is one of those PRs.
  • Let me know if you have any questions.

shawnhankim Dec 22 '22 02:12