[All] Add post_logout_redirect_uri configuration #531

Open
wants to merge 9 commits into
base: main

pylanglois

To log out, the OpenID spec requires an id_token_hint as a parameter, which is provided along with the access_token. So I added that value to the auth_state. After logout, it is possible to provide a URI where the user is redirected. This URI can be set with the traitlet post_logout_redirect_uri.

https://openid.net/specs/openid-connect-rpinitiated-1_0.html#RPLogout

@welcome

welcome bot commented Aug 8, 2022

Thanks for submitting your first pull request! You are awesome! 🤗

If you haven't done so already, check out Jupyter's Code of Conduct. Also, please make sure you followed the pull request template, as this will help us review your contribution more quickly.
You can meet the other Jovyans by joining our Discourse forum. There is also an intro thread there where you can stop by and say Hi! 👋

Welcome to the Jupyter community! 🎉

@pylanglois
Author

pylanglois commented Aug 9, 2022

Note that you need to request the 'openid' scope to get an 'id_token'

c.GenericOAuthenticator.scope = ["openid"]

consideRatio changed the title from "Redirect to URI after logout" to "[All] Add post_logout_redirect_uri configuration" on Dec 5, 2022
@nguyentritai2906

@GeorgianaElena Any update on this? :)

@n0k0m3

n0k0m3 commented Apr 20, 2023

Quick workaround without the need for id_token_hint: use client_id=<clientid>.
This will allow logout to work; however, the user will need to confirm on the Keycloak/OAuth provider side to log out (2 clicks instead of just 1).

@pylanglois
Author

For some reason, extra_params with client_id and secret needs to be present in your config file.

c.GenericOAuthenticator.extra_params = { "client_id": "your-client", "client_secret": "your-secret", }

@yavorivanov-cw

Any news on that?
We want to use post_logout_redirect_uri, but for now we have to use it with client_id instead of id_token_hint. This requires the user to press logout on the Keycloak logout page instead of only on logout in the JupyterHub UI.
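
The logout request discussed in this thread, as an added example that is not part of the pull request or of oauthenticator's code: it builds the RP-initiated logout URL with id_token_hint when an ID token is available and falls back to client_id otherwise. The helper name `build_logout_url`, the `id_token` key in auth_state, the endpoint, and all sample values are assumptions constructed for illustration.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


def build_logout_url(end_session_endpoint, post_logout_redirect_uri=None,
                     id_token=None, client_id=None, state=None):
    """Build an OpenID Connect RP-initiated logout URL (hypothetical helper)."""
    params = {}
    if id_token:
        # Preferred: the ID token issued at login identifies client and session.
        params["id_token_hint"] = id_token
    elif client_id:
        # Workaround from the thread: identify the client only; the provider
        # may then ask the user to confirm the logout.
        params["client_id"] = client_id

    if post_logout_redirect_uri:
        target = urlsplit(post_logout_redirect_uri)
        if target.scheme not in ("http", "https") or not target.netloc:
            raise ValueError("post_logout_redirect_uri must be an absolute http(s) URI")
        # Policy of this example (an assumption): never send a redirect target
        # without one of the two identifiers used in the thread.
        if not params:
            raise ValueError("post_logout_redirect_uri needs id_token_hint or client_id")
        params["post_logout_redirect_uri"] = post_logout_redirect_uri
        if state:
            # Opaque value the provider passes back on the post-logout redirect.
            params["state"] = state

    # Keep any query string already present on the configured endpoint.
    parts = urlsplit(end_session_endpoint)
    query = parse_qsl(parts.query, keep_blank_values=True) + list(params.items())
    return urlunsplit(parts._replace(query=urlencode(query)))


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    auth_state = {"access_token": "constructed-access-token",
                  "id_token": "constructed.jwt.value"}
    endpoint = "https://idp.example/logout"
    home = "https://hub.example/hub/home"
    print(build_logout_url(endpoint, home, id_token=auth_state.get("id_token")))
    print(build_logout_url(endpoint, home, client_id="jupyterhub"))
```

The ID token is only present when the `openid` scope was requested, as noted earlier in the thread, so the client_id branch is what runs when auth_state carries no ID token.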

5 participants