SignOut sends a response to clear the authentication cookie
(rw http.ResponseWriter, req *http.Request)
| 755 | |
// SignOut ends the caller's session. It resolves the post-logout redirect
// target, runs the backend logout while the session is still readable, clears
// the session cookie and finally answers with a 302 redirect to the target.
//
// When the target contains idTokenPlaceholder, every occurrence is replaced
// with the ID token of the current session. If the session cannot be loaded,
// the failure is only logged and the placeholder stays in the URL as-is.
//
// NOTE(review): the ID token is inserted verbatim and then sent in the
// Location header, so it may be recorded in browser history and in access
// logs along the way; confirm GetRedirect only yields trusted destinations
// when the placeholder is in use.
// NOTE(review): err.Error() is handed to ErrorPage as the message; confirm
// ErrorPage does not render internal error detail to the client.
func (p *OAuthProxy) SignOut(rw http.ResponseWriter, req *http.Request) {
	target, err := p.appDirector.GetRedirect(req)
	if err != nil {
		logger.Errorf("Error obtaining redirect: %v", err)
		p.ErrorPage(rw, req, http.StatusInternalServerError, err.Error())
		return
	}

	if strings.Contains(target, idTokenPlaceholder) {
		// assumes getAuthenticatedSession never returns a nil session together
		// with a nil error — TODO confirm
		sess, sessErr := p.getAuthenticatedSession(rw, req)
		if sessErr == nil {
			target = strings.ReplaceAll(target, idTokenPlaceholder, sess.IDToken)
		} else {
			logger.Errorf("error getting authenticated session during SignOut, won't replace id_token placeholder in redirect URL: %v", sessErr)
		}
	}

	// Order matters: the backend logout has to run before the cookie is
	// cleared, otherwise the session (and its id_token) is no longer available
	// for the call to the provider's logout endpoint.
	p.backendLogout(rw, req)

	if clearErr := p.ClearSessionCookie(rw, req); clearErr != nil {
		logger.Errorf("Error clearing session cookie: %v", clearErr)
		p.ErrorPage(rw, req, http.StatusInternalServerError, clearErr.Error())
		return
	}

	http.Redirect(rw, req, target, http.StatusFound)
}
| 787 | |
| 788 | func (p *OAuthProxy) backendLogout(rw http.ResponseWriter, req *http.Request) { |
| 789 | session, err := p.getAuthenticatedSession(rw, req) |