Reactive OAuth 2.0 logout handler resolves registrationId
Closes gh-11378
This commit is contained in:
parent
3f30de388a
commit
6f69d85fcb
|
@ -18,7 +18,8 @@ package org.springframework.security.oauth2.client.oidc.web.server.logout;
|
|||
|
||||
import java.net.URI;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
import reactor.core.publisher.Mono;
|
||||
|
||||
|
@ -85,7 +86,7 @@ public class OidcClientInitiatedServerLogoutSuccessHandler implements ServerLogo
|
|||
return Mono.empty();
|
||||
}
|
||||
String idToken = idToken(authentication);
|
||||
String postLogoutRedirectUri = postLogoutRedirectUri(exchange.getExchange().getRequest());
|
||||
String postLogoutRedirectUri = postLogoutRedirectUri(exchange.getExchange().getRequest(), clientRegistration);
|
||||
return Mono.just(endpointUri(endSessionEndpoint, idToken, postLogoutRedirectUri));
|
||||
})
|
||||
.switchIfEmpty(
|
||||
|
@ -119,7 +120,7 @@ public class OidcClientInitiatedServerLogoutSuccessHandler implements ServerLogo
|
|||
return ((OidcUser) authentication.getPrincipal()).getIdToken().getTokenValue();
|
||||
}
|
||||
|
||||
private String postLogoutRedirectUri(ServerHttpRequest request) {
|
||||
private String postLogoutRedirectUri(ServerHttpRequest request, ClientRegistration clientRegistration) {
|
||||
if (this.postLogoutRedirectUri == null) {
|
||||
return null;
|
||||
}
|
||||
|
@ -129,8 +130,13 @@ public class OidcClientInitiatedServerLogoutSuccessHandler implements ServerLogo
|
|||
.replaceQuery(null)
|
||||
.fragment(null)
|
||||
.build();
|
||||
|
||||
Map<String, String> uriVariables = new HashMap<>();
|
||||
uriVariables.put("baseUrl", uriComponents.toUriString());
|
||||
uriVariables.put("registrationId", clientRegistration.getRegistrationId());
|
||||
|
||||
return UriComponentsBuilder.fromUriString(this.postLogoutRedirectUri)
|
||||
.buildAndExpand(Collections.singletonMap("baseUrl", uriComponents.toUriString()))
|
||||
.buildAndExpand(uriVariables)
|
||||
.toUriString();
|
||||
// @formatter:on
|
||||
}
|
||||
|
|
|
@ -163,6 +163,22 @@ public class OidcClientInitiatedServerLogoutSuccessHandlerTests {
|
|||
+ "post_logout_redirect_uri=https://rp.example.org/context?forwardUrl%3Dsecured%253Fparam%253Dtrue");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void logoutWhenUsingPostLogoutRedirectUriTemplateThenBuildsItForRedirectExpanded()
|
||||
throws IOException, ServletException {
|
||||
OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(),
|
||||
AuthorityUtils.NO_AUTHORITIES, this.registration.getRegistrationId());
|
||||
given(this.exchange.getPrincipal()).willReturn(Mono.just(token));
|
||||
MockServerHttpRequest request = MockServerHttpRequest.get("https://rp.example.org/").build();
|
||||
given(this.exchange.getRequest()).willReturn(request);
|
||||
WebFilterExchange f = new WebFilterExchange(this.exchange, this.chain);
|
||||
this.handler.setPostLogoutRedirectUri("{baseUrl}/{registrationId}");
|
||||
this.handler.onLogoutSuccess(f, token).block();
|
||||
assertThat(redirectedUrl(this.exchange)).isEqualTo(String.format(
|
||||
"https://endpoint?" + "id_token_hint=id-token&" + "post_logout_redirect_uri=https://rp.example.org/%s",
|
||||
this.registration.getRegistrationId()));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void setPostLogoutRedirectUriWhenGivenNullThenThrowsException() {
|
||||
assertThatIllegalArgumentException().isThrownBy(() -> this.handler.setPostLogoutRedirectUri((URI) null));
|
||||
|
|
Loading…
Reference in New Issue