From 76efb6fc68885e97552d6627da99da08bf7ae9ee Mon Sep 17 00:00:00 2001
From: Maarten van Schaik
Date: Fri, 24 Jul 2015 11:36:45 +0200
Subject: [PATCH] Add logout view to enable minimal session mgmt

This implements a very small part of the OIDC session management as described in http://openid.net/specs/openid-connect-session-1_0-17.html#rfc.section.5. It does not implement the full session management (using iframes) and does not implement the registration and verification of logout redirect uri's.
---
 oidc_provider/lib/endpoints/discovery.py | 4 +++-
 oidc_provider/urls.py | 3 ++-
 oidc_provider/views.py | 8 +++++++-
 3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/oidc_provider/lib/endpoints/discovery.py b/oidc_provider/lib/endpoints/discovery.py
index 130f598..5d892aa 100644
--- a/oidc_provider/lib/endpoints/discovery.py
+++ b/oidc_provider/lib/endpoints/discovery.py
@@ -1,4 +1,5 @@
 from django.core.urlresolvers import reverse
+from django.conf import settings as django_settings
 from oidc_provider import settings
 from oidc_provider.lib.utils.common import get_issuer
@@ -17,6 +18,7 @@ class ProviderInfoEndpoint(object):
 dic['authorization_endpoint'] = SITE_URL + reverse('oidc_provider:authorize')
 dic['token_endpoint'] = SITE_URL + reverse('oidc_provider:token')
 dic['userinfo_endpoint'] = SITE_URL + reverse('oidc_provider:userinfo')
+ dic['end_session_endpoint'] = SITE_URL + reverse('oidc_provider:logout')
 from oidc_provider.models import Client
 types_supported = [x[0] for x in Client.RESPONSE_TYPE_CHOICES]
@@ -29,4 +31,4 @@ class ProviderInfoEndpoint(object):
 # See: http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes
 dic['subject_types_supported'] = ['public']
- return dic
\ No newline at end of file
+ return dic
diff --git a/oidc_provider/urls.py b/oidc_provider/urls.py
index 8a9654e..8fd0756 100644
--- a/oidc_provider/urls.py
+++ b/oidc_provider/urls.py
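Review bot: `from django.conf import settings as django_settings`, added in the first hunk of discovery.py, is not referenced by either hunk of that file, and the file's diffstat (4 +++-) shows no other insertions, so the alias is dead code. Drop the line, or add it in the change that actually uses it. Sitting directly above `from oidc_provider import settings`, an unused second settings object also makes it easy for a later edit to read the wrong one.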
@@ -8,8 +8,9 @@ urlpatterns = patterns('',
 url(r'^authorize/$', AuthorizeView.as_view(), name='authorize'),
 url(r'^token/$', csrf_exempt(TokenView.as_view()), name='token'),
 url(r'^userinfo/$', csrf_exempt(userinfo), name='userinfo'),
+ url(r'^logout/$', LogoutView.as_view(), name='logout'),
 url(r'^\.well-known/openid-configuration/$', ProviderInfoView.as_view(), name='provider_info'),
 url(r'^jwks/$', JwksView.as_view(), name='jwks'),
-)
\ No newline at end of file
+)
diff --git a/oidc_provider/views.py b/oidc_provider/views.py
index c9bed77..4a0939b 100644
--- a/oidc_provider/views.py
+++ b/oidc_provider/views.py
@@ -1,7 +1,7 @@
 import logging
 from Crypto.PublicKey import RSA
-from django.contrib.auth.views import redirect_to_login
+from django.contrib.auth.views import redirect_to_login, logout
 from django.http import HttpResponse, HttpResponseRedirect, JsonResponse
 from django.shortcuts import render
 from django.template.loader import render_to_string
@@ -172,3 +172,9 @@ class JwksView(View):
 })
 return JsonResponse(dic)
+
+
+class LogoutView(View):
+ def get(self, request, *args, **kwargs):
+ # We should actually verify if the requested redirect URI is safe
+ return logout(request, next_page=request.GET.get('post_logout_redirect_uri'))
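Review bot: `LogoutView` is referenced in the new `url()` entry but this hunk adds no import, and the urls.py diffstat (3 ++-) is fully accounted for by this line plus the trailing-newline fix, so the name must already arrive through a star import of `oidc_provider.views` at the top of the file, which is outside the hunk — please confirm, because otherwise the URLconf fails with NameError the first time it is imported. If the file does rely on `from oidc_provider.views import *`, consider importing the views by name instead, so that adding a view to the URLconf is a visible, checkable change rather than an implicit one.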
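Review bot: In the new `LogoutView.get`, `post_logout_redirect_uri` is read from the query string and passed straight to `logout()` as `next_page` without any check, so a link to this endpoint can end the user's session and then send the browser to an arbitrary site; the comment on the line above acknowledges this, but the code ships with the hole open. The description defers registration of logout redirect URIs, so until a per-client allow-list exists the view should at least fail closed: honour the parameter only when `is_safe_url` from `django.utils.http` accepts it for the current host (that import is needed in views.py), and otherwise pass `next_page=None` so Django renders its logged-out page instead of redirecting. This means cross-host RPs get the logged-out page rather than a redirect until registered URIs are matched, which is the safe default and is what the TODO should state. A same-host check is only a stopgap; the spec contract is an exact match against the client's registered post-logout URIs, and `id_token_hint` and `state` from the same section are also not handled here.

```python
class LogoutView(View):
    def get(self, request, *args, **kwargs):
        # TODO: match against the client's registered post-logout redirect URIs
        # once those are stored; until then only a same-host target is honoured
        # so the parameter cannot be used as an open redirect.
        next_page = request.GET.get('post_logout_redirect_uri')
        if next_page and not is_safe_url(next_page, host=request.get_host()):
            next_page = None
        return logout(request, next_page=next_page)
```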