Project

General

Profile

« Previous | Next » 

Revision 1ae62674

Added by Serghei Mihai over 9 years ago

user logging out

View differences:

ckanext/ozwillo_pyoidc/plugin.py
30 30
        map.connect('/organization/{id:.*}/callback',
31 31
                    controller=plugin_controller,
32 32
                    action='callback')
33
        map.connect('/user/slo',
34
                    controller=plugin_controller,
35
                    action='slo')
36
        map.redirect('/organization/{id:.*}/logout', '/user/_logout')
37

  
33 38
        return map
34 39

  
35 40
    def after_map(self, map):
......
65 70
            toolkit.redirect_to('/')
66 71

  
67 72
    def logout(self):
68
        # revoke all auth tokens
69
        # redirect to logout in ozwillo
70
        # revoke_endpoint = 'https://portal.ozwillo-preprod.eu/a/revoke'
71
        # toolkit.redirect('/user/_logout')
72 73
        pass
73 74

  
74 75
    def update_config(self, config_):
......
111 112
                                      id=session['organization_id'],
112 113
                                      qualified=True)
113 114
            toolkit.redirect_to(org_url)
115

  
116
    def slo(self):
117
        """
118
        Revokes the delivered access token. Logs out the user
119
        """
120
        global CLIENT
121
        logout_url = str(CLIENT.end_session_endpoint)
122
        org_url = toolkit.url_for(host=request.host,
123
                                  controller='organization',
124
                                  action='read',
125
                                  id=session['organization_id'],
126
                                  qualified=True)
127
        redirect_uri = org_url + '/logout'
128

  
129
        # revoke the access token
130
        headers = {'Content-Type': 'application/x-www-form-urlencoded'}
131
        data = 'token=%s&token_type_hint=access_token' % CLIENT.access_token
132
        CLIENT.http_request(CLIENT.revocation_endpoint, 'POST',
133
                            data=data, headers=headers)
134

  
135
        # redirect to IDP logout
136
        logout_url += '?id_token_hint=%s&' % CLIENT.id_token
137
        logout_url += 'post_logout_redirect_uri=%s' % redirect_uri
138
        toolkit.redirect_to(logout_url)

Also available in: Unified diff