Device authorization logout
oharsta committed Aug 20, 2024
1 parent 16c2985 commit 9955322
Showing 4 changed files with 20 additions and 12 deletions.
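--- a/src/main/java/oidc/endpoints/AuthorizationEndpoint.java
+++ b/src/main/java/oidc/endpoints/AuthorizationEndpoint.java
@@ -248,15 +248,6 @@ private static String adStateToQueryParameters(UriComponentsBuilder builder, Sta
 return uriString;
 }
 
-private void logout(HttpServletRequest request) {
-SecurityContextHolder.getContext().setAuthentication(null);
-SecurityContextHolder.clearContext();
-HttpSession session = request.getSession(false);
-if (session != null) {
-session.invalidate();
-}
-}
-
 private ModelAndView doConsent(MultiValueMap<String, String> parameters,
 OpenIDClient client,
 Set<String> scopes,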
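--- a/src/main/java/oidc/endpoints/DeviceAuthorizationEndpoint.java
+++ b/src/main/java/oidc/endpoints/DeviceAuthorizationEndpoint.java
@@ -45,7 +45,7 @@
 import static oidc.endpoints.AuthorizationEndpoint.validateScopes;
 
 @RestController
-public class DeviceAuthorizationEndpoint {
+public class DeviceAuthorizationEndpoint implements OidcEndpoint{
 
 private static final Log LOG = LogFactory.getLog(DeviceAuthorizationEndpoint.class);
 
@@ -161,8 +161,11 @@ public ModelAndView postVerify(@RequestParam Map<String, String> body, HttpServl
 ModelAndView modelAndView = findByUserCode(userCode)
 //avoid replay's
 .filter(deviceAuthorization -> deviceAuthorization.getStatus().equals(DeviceAuthorizationStatus.authorization_pending))
-.map(deviceAuthorization ->
-new ModelAndView(new RedirectView(deviceAuthorizeURL(deviceAuthorization), true)))
+.map(deviceAuthorization -> {
+//We do not provide SSO as does EB not - up to the identity provider
+logout(request);
+return new ModelAndView(new RedirectView(deviceAuthorizeURL(deviceAuthorization), true));
+})
 .orElseGet(() -> this.verification(null, "true", request));
 return modelAndView;
 }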
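Review bot: The comment above the new `logout(request)` call in `postVerify` does not say why the session is dropped, and "as does EB not" is hard to parse. Presumably the intent is that a user code, which may have reached the user from a third party, is never approved on an already authenticated session; I would say so, e.g. `// Always force a fresh login before a user code is approved: no SSO here (same as EB), the identity provider decides about its own session`. The call only clears this server's own session, so whether the user actually sees a login prompt still depends on the upstream identity provider and on what `deviceAuthorizeURL` requests, neither of which is visible here. The session teardown is also a side effect inside an `Optional.map` lambda, and no test in this commit asserts that the session is gone after a successful POST. `postVerify` begins above the hunk.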
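--- a/src/main/java/oidc/endpoints/OidcEndpoint.java
+++ b/src/main/java/oidc/endpoints/OidcEndpoint.java
@@ -4,7 +4,10 @@
 import com.nimbusds.openid.connect.sdk.AuthenticationRequest;
 import com.nimbusds.openid.connect.sdk.ClaimsRequest;
 import oidc.model.OpenIDClient;
+import org.springframework.security.core.context.SecurityContextHolder;
 
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
 import java.time.LocalDateTime;
 import java.time.ZoneId;
 import java.util.ArrayList;
@@ -50,4 +53,14 @@ default Date tokenValidity(int validity) {
 LocalDateTime ldt = LocalDateTime.now().plusSeconds(validity);
 return Date.from(ldt.atZone(ZoneId.systemDefault()).toInstant());
 }
+default void logout(HttpServletRequest request) {
+SecurityContextHolder.getContext().setAuthentication(null);
+SecurityContextHolder.clearContext();
+HttpSession session = request.getSession(false);
+if (session != null) {
+session.invalidate();
+}
+}
+
+
 }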
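Review bot: `logout` was a private helper in `AuthorizationEndpoint`; as a `default` method on `OidcEndpoint` it is now public on every implementing endpoint, and it has no Javadoc stating its contract. The Javadoc should say that it clears the thread-bound `SecurityContext` and invalidates only an already existing session (`getSession(false)` never creates one). It should also say that the method leaves cookies and any session held by the upstream identity provider untouched, so callers do not read it as a full sign-out. Spring Security's `SecurityContextLogoutHandler` performs the same context and session teardown and may be worth reusing if a response object is available at the call sites. A blank line before `default void logout` and dropping the two empty lines before the closing brace would match the rest of the interface, whose body begins above the hunk.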
1 change: 1 addition & 0 deletions src/main/java/oidc/endpoints/TokenEndpoint.java
Expand Up @@ -293,6 +293,7 @@ private ResponseEntity handleDeviceCodeFlow(DeviceAuthorization deviceAuthorizat
//We only permit one request for a success authorization
LOG.debug(String.format("Deleting deviceAuthorization as token is returned for client %s", client.getName()));
deviceAuthorizationRepository.delete(deviceAuthorization);

return new ResponseEntity<>(body, responseHttpHeaders, HttpStatus.OK);

}
