makiolaj/GearBox
1
0
Fork 0
Code Issues 8 Pull Requests Actions Packages Projects Releases 10 Wiki Activity

fix: redirect to Logto end-session endpoint on logout
All checks were successful
CI / ci (push) Successful in 1m12s
Details
CI / e2e (push) Has been skipped
Details
CI / deploy (push) Successful in 20s
Details

Browse Source 
After revoking the local session, redirect to Logto's /session/end
so the OIDC session is cleared too. Previously redirected to /login
which immediately re-authenticated via the still-valid Logto session.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Jean-Luc Makiola
2026-04-12 21:54:49 +02:00
parent ddb76fd229
commit 23cfbf7e4b
1 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/server/index.ts
View File

@@ -99,7 +99,14 @@ app.get("/login", oidcAuthMiddleware(), async (c) => c.redirect("/"));
app.get("/callback", async (c) => processOAuthCallback(c)); app.get("/callback", async (c) => processOAuthCallback(c));
app.get("/logout", async (c) => { app.get("/logout", async (c) => {
await revokeSession(c); await revokeSession(c);
return c.redirect("/login"); const issuer = process.env.OIDC_ISSUER;
const postLogoutRedirect = new URL("/", c.req.url).origin;
if (issuer) {
return c.redirect(
`${issuer}/session/end?post_logout_redirect_uri=${encodeURIComponent(postLogoutRedirect)}`,
);
}
return c.redirect("/");
}); });
// CORS for OAuth and MCP endpoints (required for claude.ai browser-based flows) // CORS for OAuth and MCP endpoints (required for claude.ai browser-based flows)