Revision 1ae62674
Added by Serghei Mihai over 9 years ago
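--- a/ckanext/ozwillo_pyoidc/plugin.py
+++ b/ckanext/ozwillo_pyoidc/plugin.py
@@ -30,6 +30,11 @@
 map.connect('/organization/{id:.*}/callback',
 controller=plugin_controller,
 action='callback')
+map.connect('/user/slo',
+controller=plugin_controller,
+action='slo')
+map.redirect('/organization/{id:.*}/logout', '/user/_logout')
+
 return map
 
 def after_map(self, map):
@@ -65,10 +70,6 @@
 toolkit.redirect_to('/')
 
 def logout(self):
-# revoke all auth tokens
-# redirect to logout in ozwillo
-# revoke_endpoint = 'https://portal.ozwillo-preprod.eu/a/revoke'
-# toolkit.redirect('/user/_logout')
 pass
 
 def update_config(self, config_):
@@ -111,3 +112,27 @@
 id=session['organization_id'],
 qualified=True)
 toolkit.redirect_to(org_url)
+
+def slo(self):
+"""
+Revokes the delivered access token. Logs out the user
+"""
+global CLIENT
+logout_url = str(CLIENT.end_session_endpoint)
+org_url = toolkit.url_for(host=request.host,
+controller='organization',
+action='read',
+id=session['organization_id'],
+qualified=True)
+redirect_uri = org_url + '/logout'
+
+# revoke the access token
+headers = {'Content-Type': 'application/x-www-form-urlencoded'}
+data = 'token=%s&token_type_hint=access_token' % CLIENT.access_token
+CLIENT.http_request(CLIENT.revocation_endpoint, 'POST',
+data=data, headers=headers)
+
+# redirect to IDP logout
+logout_url += '?id_token_hint=%s&' % CLIENT.id_token
+logout_url += 'post_logout_redirect_uri=%s' % redirect_uri
+toolkit.redirect_to(logout_url)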
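Review bot: In `slo`, the access token and ID token are read from the module-global `CLIENT` (`CLIENT.access_token`, `CLIENT.id_token`) rather than from the requesting user's session, so if `CLIENT` is shared across requests (its definition is outside this hunk) one user's logout can revoke or disclose another user's tokens; keep them per session, as is already done for `session['organization_id']`. The revocation body and the logout query string are built with `%` formatting and no percent-encoding, and `redirect_uri` derives from `request.host`, which the client controls; build both with urlencode, e.g. `logout_url += '?' + urlencode({'id_token_hint': id_token, 'post_logout_redirect_uri': redirect_uri})`, and take the host from site configuration. The result of `CLIENT.http_request(...)` is ignored, so a failed revocation passes silently while the user is still sent on to the IdP; check the response status and log a failure. The local session is only cleared if the IdP redirects back to `/organization/{id}/logout`, which is worth stating in the `slo` docstring.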
user logging out