
Logout using OIDC credentials instead of cookies

Open RubenVerborgh opened this issue 7 years ago • 4 comments

Closes #69.

RubenVerborgh avatar Oct 06 '18 22:10 RubenVerborgh


Coverage decreased (-0.6%) to 61.593% when pulling 7fb5457a5b2c8727c1776f1c64b06d1963b87e18 on feature/logout-oidc into eb36d24abdfabce87425b86b9940e00941556b6d on master.

coveralls avatar Oct 06 '18 22:10 coveralls

(I think the idea is that you want to redirect the user (either the main page or a popup window) to the logout request’s url. that way, it also lets the browser clear the cookie to the IdP. otherwise, it’s still a third-party js request, which solid server should ignore. this also sets up the workflow for the next feature (a confirmation page saying, ok you’re logging out of the RP, do you also want to log out of IdP?).)

dmitrizagidulin avatar Oct 06 '18 22:10 dmitrizagidulin

> I think the idea is that you want to redirect the user (either the main page or a popup window) to the logout request’s url.

But you recommended a POST request in https://github.com/solid/node-solid-server/pull/835#issuecomment-426430501 ?

> otherwise, it’s still a third-party js request, which solid server should ignore.

But it is signed?

RubenVerborgh avatar Oct 06 '18 23:10 RubenVerborgh

Yeah, I did recommend a POST, I forgot about the redirection at that time :)

> But is it signed?

Yeah, the request is signed (in the sense of, it’s carrying a signed id token credential). But I suspect without redirection, you’re gonna have a tough time clearing the cookie. (plus there’s no way to prompt the user if they want to also log out of idp and rp)

dmitrizagidulin avatar Oct 06 '18 23:10 dmitrizagidulin