feat: allow user-defined post_logout_redirect_uri

2026-05-10 02:16:59 +00:00 · 2021-09-10 14:45:41 +02:00
parent 9dc5b08d65
commit 5160987978
3 changed files with 16 additions and 6 deletions
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -90,7 +90,7 @@ func Initialize() *Config {
 	flag.String(IDPortenSecurityLevelValue, "Level4", "Requested security level, either Level3 or Level4.")
 	flag.Bool(IDPortenLocaleEnabled, true, "Toggle for setting the locale parameter for authorization requests.")
 	flag.String(IDPortenLocaleValue, "nb", "Locale for OAuth2 consent screen.")
-	flag.String(IDPortenPostLogoutRedirectURI, "https://nav.no", "URI for redirecting the user after successful logout at IDPorten.")
+	flag.String(IDPortenPostLogoutRedirectURI, "https://www.nav.no", "URI for redirecting the user after successful logout at IDPorten.")
 	flag.StringSlice(IDPortenScopes, []string{token.ScopeOpenID}, "List of scopes that should be used during the Auth Code flow.")
 	flag.Duration(IDPortenSessionMaxLifetime, time.Hour, "Max lifetime for user sessions.")
 	flag.StringSlice(Ingresses, []string{"/"}, "Ingresses used to access the main application.")
--- a/pkg/router/request.go
+++ b/pkg/router/request.go
@@ -48,3 +48,12 @@ func LoginURLParameter(r *http.Request, parameter, fallback string, supported co

 	return value, fmt.Errorf("%w: invalid value for %s=%s", InvalidLoginParameterError, parameter, value)
 }
+
+func PostLogoutRedirectURI(r *http.Request, fallback string) string {
+	value := r.URL.Query().Get(PostLogoutRedirectURIParameter)
+
+	if len(value) > 0 {
+		return value
+	}
+	return fallback
+}
--- a/pkg/router/router.go
+++ b/pkg/router/router.go
@@ -38,9 +38,10 @@ const (
 	CodeVerifierCookieName = "io.nais.wonderwall.code_verifier"
 	RedirectURLCookieName  = "io.nais.wonderwall.redirect_url"

-	RedirectURLParameter      = "redirect"
-	SecurityLevelURLParameter = "level"
-	LocaleURLParameter        = "locale"
+	RedirectURLParameter           = "redirect"
+	SecurityLevelURLParameter      = "level"
+	LocaleURLParameter             = "locale"
+	PostLogoutRedirectURIParameter = "post_logout_redirect_uri"
 )

 var (
@@ -406,13 +407,13 @@ func (h *Handler) Logout(w http.ResponseWriter, r *http.Request) {
 		w.WriteHeader(http.StatusInternalServerError)
 		return
 	}
+
 	v := u.Query()
-	v.Add("post_logout_redirect_uri", h.Config.PostLogoutRedirectURI)
+	v.Add("post_logout_redirect_uri", PostLogoutRedirectURI(r, h.Config.PostLogoutRedirectURI))

 	if len(idToken) != 0 {
 		v.Add("id_token_hint", idToken)
 	}
-
 	u.RawQuery = v.Encode()

 	http.Redirect(w, r, u.String(), http.StatusTemporaryRedirect)