redirect to client redirect_uri after oAuth2 session cleanup #630

DrMegavolt opened this issue Feb 7, 2018 · 2 comments
@DrMegavolt

current implementation of site.logout just removes the session of the user.

the idea is to somehow before clearing the session identify client_id
find redirect_uri of the app and return user there

client_id most likely will be in session

@StickNitro

@DrMegavolt DrMegavolt self-assigned this Feb 7, 2018
@DrMegavolt

After some investigation this scenario will be unstable due to session expiration.
Instead client should send returnTo parameter with url

If client_id is provided, then EG must validate if the passed url is allowed by app

more info https://auth0.com/docs/logout

@DrMegavolt

and default redirect uri should be made configurable for both login and logout (/ currently)
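
An added example, not Express Gateway code: one way to validate the `returnTo` parameter discussed above so that logout cannot be used as an open redirect. The `apps` registry shape, the `redirectUris` field, the function names and the sample URLs are assumptions made for illustration, as is falling back to the configurable default when `client_id` or `returnTo` is missing or not allowed.

```javascript
// Constructed sample registry; the shape (client id -> { redirectUris }) is an assumption.
const apps = new Map([
  ['app-123', { redirectUris: ['https://client.example.com/logged-out'] }]
]);

// Normalize an absolute http(s) URL for exact comparison; return null if unusable.
function normalize (value) {
  if (typeof value !== 'string') return null; // repeated query params arrive as arrays
  let url;
  try {
    url = new URL(value); // no base given, so relative and scheme-relative values throw
  } catch (err) {
    return null;
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return null;
  if (url.username || url.password) return null; // reject user@host lookalikes
  url.hash = ''; // the fragment never reaches the server, ignore it when comparing
  return url.href; // scheme and host come back lowercased
}

// Decide where to send the user once the session has been cleared.
// Exact match against the app's registered URLs, no prefix or substring checks.
function resolveLogoutRedirect (query, registry, defaultRedirect = '/') {
  const { client_id: clientId, returnTo } = query;
  const app = typeof clientId === 'string' ? registry.get(clientId) : undefined;
  const target = normalize(returnTo);
  if (!app || !target) return defaultRedirect;
  const allowed = app.redirectUris.map(normalize);
  return allowed.includes(target) ? target : defaultRedirect;
}
```

Because the decision depends only on the request parameters and the app registry, it still works after the session has expired.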
