Skip to content

Commit

Permalink
remove session_state claim condition for end provide session
Browse files Browse the repository at this point in the history
  • Loading branch information
@djbgeodan
djbgeodan authored Oct 4, 2023
1 parent b490c79 commit 8ad0d71
Showing 1 changed file with 24 additions and 25 deletions.
49 changes: 24 additions & 25 deletions src/plugin/oauth/index.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1511,33 +1511,32 @@ class BaseOauthPlugin extends BasePlugin {
sessionPayload.tokenSet.id_token
) {
let idToken = jwt.decode(sessionPayload.tokenSet.id_token);
// TODO: this check may not be entirely needed/wanted
if (idToken.session_state) {
const payload = {
redirect_uri: redirect_uri,
aud: configAudMD5,
req: {
headers: {
referer: req.headers.referer,
},

const payload = {
redirect_uri: redirect_uri,
aud: configAudMD5,
req: {
headers: {
referer: req.headers.referer,
},
request_is_xhr,
};
const stateToken = jwt.sign(payload, issuer_sign_secret);
const state = plugin.server.utils.encrypt(
issuer_encrypt_secret,
stateToken,
"hex"
);
},
request_is_xhr,
};
const stateToken = jwt.sign(payload, issuer_sign_secret);
const state = plugin.server.utils.encrypt(
issuer_encrypt_secret,
stateToken,
"hex"
);

redirect_uri = await client.endSessionUrl({
id_token_hint: sessionPayload.tokenSet.id_token,
post_logout_redirect_uri:
plugin.config.features.logout.end_provider_session
.post_logout_redirect_uri,
state,
});
}
redirect_uri = await client.endSessionUrl({
id_token_hint: sessionPayload.tokenSet.id_token,
post_logout_redirect_uri:
plugin.config.features.logout.end_provider_session
.post_logout_redirect_uri,
state,
});

}

plugin.server.logger.info("deleting session: %s", session_id);
Expand Down

0 comments on commit 8ad0d71

Please sign in to comment.