Add logout view to enable minimal session mgmt

This implements a very small part of the OIDC session management as described in http://openid.net/specs/openid-connect-session-1_0-17.html#rfc.section.5. It does not implement the full session management (using iframes) and does not implement the registration and verification of logout redirect uri's.
2015-07-24 11:36:45 +02:00 · 2015-07-24 11:36:45 +02:00 · 76efb6fc68
parent 8e13243e23
commit 76efb6fc68
3 changed files with 12 additions and 3 deletions
--- a/oidc_provider/lib/endpoints/discovery.py
+++ b/oidc_provider/lib/endpoints/discovery.py
@ -1,4 +1,5 @@
 from django.core.urlresolvers import reverse
+from django.conf import settings as django_settings

 from oidc_provider import settings
 from oidc_provider.lib.utils.common import get_issuer
@ -17,6 +18,7 @@ class ProviderInfoEndpoint(object):
        dic['authorization_endpoint'] = SITE_URL + reverse('oidc_provider:authorize')
        dic['token_endpoint'] = SITE_URL + reverse('oidc_provider:token')
        dic['userinfo_endpoint'] = SITE_URL + reverse('oidc_provider:userinfo')
+        dic['end_session_endpoint'] = SITE_URL + reverse('oidc_provider:logout')

        from oidc_provider.models import Client
        types_supported = [x[0] for x in Client.RESPONSE_TYPE_CHOICES]
@ -29,4 +31,4 @@ class ProviderInfoEndpoint(object):
        # See: http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes
        dic['subject_types_supported'] = ['public']

-        return dic
+        return dic
--- a/oidc_provider/urls.py
+++ b/oidc_provider/urls.py
@ -8,8 +8,9 @@ urlpatterns = patterns('',
    url(r'^authorize/$', AuthorizeView.as_view(), name='authorize'),
    url(r'^token/$', csrf_exempt(TokenView.as_view()), name='token'),
    url(r'^userinfo/$', csrf_exempt(userinfo), name='userinfo'),
+    url(r'^logout/$', LogoutView.as_view(), name='logout'),

    url(r'^\.well-known/openid-configuration/$', ProviderInfoView.as_view(), name='provider_info'),
    url(r'^jwks/$', JwksView.as_view(), name='jwks'),

-)
+)
--- a/oidc_provider/views.py
+++ b/oidc_provider/views.py
@ -1,7 +1,7 @@
 import logging

 from Crypto.PublicKey import RSA
-from django.contrib.auth.views import redirect_to_login
+from django.contrib.auth.views import redirect_to_login, logout
 from django.http import HttpResponse, HttpResponseRedirect, JsonResponse
 from django.shortcuts import render
 from django.template.loader import render_to_string
@ -172,3 +172,9 @@ class JwksView(View):
        })

        return JsonResponse(dic)
+
+
+class LogoutView(View):
+    def get(self, request, *args, **kwargs):
+        # We should actually verify if the requested redirect URI is safe
+        return logout(request, next_page=request.GET.get('post_logout_redirect_uri'))