| 786 | } |
| 787 | |
| 788 | func (p *OAuthProxy) backendLogout(rw http.ResponseWriter, req *http.Request) { |
| 789 | session, err := p.getAuthenticatedSession(rw, req) |
| 790 | if err != nil { |
| 791 | logger.Errorf("error getting authenticated session during backend logout: %v", err) |
| 792 | return |
| 793 | } |
| 794 | |
| 795 | if session == nil { |
| 796 | return |
| 797 | } |
| 798 | |
| 799 | providerData := p.provider.Data() |
| 800 | if providerData.BackendLogoutURL == "" { |
| 801 | return |
| 802 | } |
| 803 | |
| 804 | backendLogoutURL := strings.ReplaceAll(providerData.BackendLogoutURL, idTokenPlaceholder, session.IDToken) |
| 805 | // security exception because URL is dynamic ({id_token} replacement) but |
| 806 | // base is not end-user provided but comes from configuration somewhat secure |
| 807 | resp, err := http.Get(backendLogoutURL) // #nosec G107 |
| 808 | if err != nil { |
| 809 | logger.Errorf("error while calling backend logout: %v", err) |
| 810 | return |
| 811 | } |
| 812 | |
| 813 | defer resp.Body.Close() |
| 814 | if resp.StatusCode != http.StatusOK && resp.StatusCode != http.StatusNoContent { |
| 815 | logger.Errorf("error while calling backend logout url, returned error code %v", resp.StatusCode) |
| 816 | } |
| 817 | } |
| 818 | |
| 819 | // OAuthStart starts the OAuth2 authentication flow |
| 820 | func (p *OAuthProxy) OAuthStart(rw http.ResponseWriter, req *http.Request) { |