summaryrefslogtreecommitdiffstats
path: root/aurweb/routers
diff options
context:
space:
mode:
Diffstat (limited to 'aurweb/routers')
-rw-r--r--aurweb/routers/sso.py18
1 files changed, 18 insertions, 0 deletions
diff --git a/aurweb/routers/sso.py b/aurweb/routers/sso.py
index e1ec7efe..a8d4b141 100644
--- a/aurweb/routers/sso.py
+++ b/aurweb/routers/sso.py
@@ -1,6 +1,8 @@
import time
import uuid
+from urllib.parse import urlencode
+
import fastapi
from authlib.integrations.starlette_client import OAuth
@@ -82,3 +84,19 @@ async def authenticate(request: Request, conn=Depends(aurweb.db.connect)):
else:
# We’ve got a severe integrity violation.
raise Exception("Multiple accounts found for SSO account " + sub)
+
+
+@router.get("/sso/logout")
+async def logout():
+ """
+ Disconnect the user from the SSO provider, potentially affecting every
+ other Arch service. AUR logout is performed by `/logout`, before it
+ redirects to `/sso/logout`.
+
+ Based on the OpenID Connect Session Management specification:
+ https://openid.net/specs/openid-connect-session-1_0.html#RPLogout
+ """
+ metadata = await oauth.sso.load_server_metadata()
+ # TODO Supply id_token_hint to the end session endpoint.
+ query = urlencode({'post_logout_redirect_uri': aurweb.config.get('options', 'aur_location')})
+ return RedirectResponse(metadata["end_session_endpoint"] + '?' + query)