security-dashboards-plugin

[BUG] JWT logout has no matching route

Open jochen-kressin opened this issue 1 year ago • 1 comments

What is the bug? When you log in with a JWT using a request header or a query parameter, the token is stored in the authentication cookie. Hence, there is a logout mechanism for JWT as well. However, when you click the logout button, the resulting AJAX request returns a 404 because the logout route does not exist.

How can one reproduce the bug? Steps to reproduce the behavior:

  1. Log in with a JWT.
  2. Click Logout.
  3. Check the network requests for a 404
  4. Nothing happens on the screen

What is the expected behavior? The user should be logged out and, depending on JWT config settings, see a non-authenticated state.

What is your host/environment?

  • OS: MacOS
  • Version: 2.11
  • Plugins: Only security

Do you have any additional context? I believe this is just a faulty route path definition in JWT's routes: https://github.com/opensearch-project/security-dashboards-plugin/blob/main/server/auth/types/jwt/routes.ts#L29 That path does not correspond to the URL used by the logout component.

jochen-kressin, Dec 28 '23 21:12

[Triage] Hi @jochen-kressin, thank you for filing this issue. This seems like a good change that would improve the state of things. We can mark this as triaged.

stephen-crawford, Jan 08 '24 16:01