fix: correct error handling in rp initiated logout

Previously the extractor would return `ExtractorError::Unauthorized` when the issuer
does not provide an `end_session_endpoint`.
Now it returns an `ExtractorError::RpInitiatedLogoutNotSupported`.
This commit is contained in:
Paul Zinselmeyer 2024-08-30 10:33:07 +02:00
parent 32ecc2041b
commit 202b61fa83
Signed by: pfzetto
GPG key ID: B471A1AF06C895FD
3 changed files with 15 additions and 10 deletions


@ -409,15 +409,16 @@ fn insert_extensions<AC: AdditionalClaims>(
parts.extensions.insert(OidcAccessToken(
authenticated_session.access_token.secret().to_string(),
));
if let Some(end_session_endpoint) = &client.end_session_endpoint {
parts.extensions.insert(OidcRpInitiatedLogout {
let rp_initiated_logout = client.end_session_endpoint.as_ref().map(|end_session_endpoint|
OidcRpInitiatedLogout {
end_session_endpoint: end_session_endpoint.clone(),
id_token_hint: authenticated_session.id_token.to_string(),
client_id: client.client_id.clone(),
post_logout_redirect_uri: None,
state: None,
});
}
}
);
parts.extensions.insert(rp_initiated_logout);
}
/// Verify the access token hash to ensure that the access token hasn't been substituted for
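Review bot: The value stored by `parts.extensions.insert(rp_initiated_logout);` is now an `Option<OidcRpInitiatedLogout>` rather than a bare `OidcRpInitiatedLogout`, so any reader that still does `parts.extensions.get::<OidcRpInitiatedLogout>()` will find nothing and presumably keep hitting the `Unauthorized` path the commit message says it is fixing; the extractor lives in the other changed files, which are not visible here, so please confirm it looks up the `Option` and maps `None` to `RpInitiatedLogoutNotSupported`. The reason for inserting a `None` at all is not recorded in the code, and a one-line comment above the insert would stop a later cleanup from reverting to the old `if let Some(..)` shape, e.g. `// Insert the Option even when it is None so the extractor can report RpInitiatedLogoutNotSupported (issuer has no end_session_endpoint) rather than Unauthorized.` As a point of style, the closure is split across `.map(|end_session_endpoint|` and the struct literal on the next line with a lone `);` closing it; rustfmt would collapse this to `.map(|end_session_endpoint| OidcRpInitiatedLogout {` and `});`, which is what the rest of the file appears to use. The signature of `insert_extensions` begins before this hunk.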