/**
 * Handles an OpenID Connect end-session request.
 *
 * <p>Flow: validate the request parameters, terminate the session identified by
 * {@code idTokenHint}/{@code sessionId} via {@code endSession}, then resolve the
 * {@code post_logout_redirect_uri} against the client of the grant that was ended.
 * A resolvable URI yields a redirect response (with {@code state} echoed back when
 * supplied); an unresolvable one raises the INVALID_REQUEST error. Note that the
 * session is already terminated by the time the redirect URI is checked.
 *
 * @param idTokenHint           the id_token_hint request parameter
 * @param postLogoutRedirectUri the post_logout_redirect_uri request parameter
 * @param state                 opaque value to echo back on the redirect, may be blank
 * @param sessionId             the session identifier to end
 * @param httpRequest           current servlet request
 * @param httpResponse          current servlet response
 * @param sec                   security context, used here only to log whether the request is secure
 * @return a redirect to the validated post-logout URI, or {@code 200 OK} if the error factory
 *         returns instead of throwing
 */
@Override
public Response requestEndSession(
        String idTokenHint,
        String postLogoutRedirectUri,
        String state,
        String sessionId,
        HttpServletRequest httpRequest,
        HttpServletResponse httpResponse,
        SecurityContext sec) {
    // NOTE(review): the complete id_token_hint (a signed JWT carrying user claims) is written
    // to the debug log here; treat debug output of this class as sensitive.
    log.debug(
            "Attempting to end session, idTokenHint: {0}, postLogoutRedirectUri: {1}, sessionId: {2}, Is Secure = {3}",
            idTokenHint, postLogoutRedirectUri, sessionId, sec.isSecure());

    // The error factory is handed to the validator; presumably it raises the error response
    // itself on invalid input — verify in EndSessionParamsValidator.
    EndSessionParamsValidator.validateParams(idTokenHint, postLogoutRedirectUri, errorResponseFactory);

    // Terminate the session first; the grant it returns is what the redirect check is done against.
    final Pair<SessionId, AuthorizationGrant> ended =
            endSession(idTokenHint, sessionId, httpRequest, httpResponse, sec);

    // Assumes endSession yields a non-null grant with a client — TODO confirm against endSession.
    final String clientId = ended.getSecond().getClient().getClientId();
    final String validatedUri =
            redirectionUriService.validatePostLogoutRedirectUri(clientId, postLogoutRedirectUri);

    if (StringUtils.isBlank(validatedUri)) {
        // Redirect target rejected: the session is already gone, so only the error is raised.
        errorResponseFactory.throwBadRequestException(EndSessionErrorResponseType.INVALID_REQUEST);
        // Reached only if the factory call returns rather than throwing.
        return Response.ok().build();
    }

    final RedirectUri target = new RedirectUri(validatedUri);
    if (StringUtils.isNotBlank(state)) {
        target.addResponseParameter(EndSessionResponseParam.STATE, state);
    }
    return RedirectUtil.getRedirectResponseBuilder(target, httpRequest).build();
}
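/**
 * Handles an OpenID Connect end-session request.
 *
 * <p>Flow: validate the request parameters (400 INVALID_REQUEST on failure), look up the
 * authorization grant by {@code idTokenHint}, remove the session and run any configured
 * external end-session methods. The grant is accepted when it exists and either no external
 * logout is configured or the external logout succeeded; otherwise 401 INVALID_GRANT is
 * returned. An accepted grant has all its tokens revoked, and the
 * {@code post_logout_redirect_uri} is then resolved against the grant's client: a resolvable
 * URI yields a redirect (with {@code state} echoed back when supplied), otherwise
 * 400 INVALID_REQUEST.
 *
 * <p>Note that the session is removed before the external logout runs, so a failed external
 * logout leaves the local session already ended while the caller receives 401.
 *
 * @param idTokenHint           the id_token_hint request parameter
 * @param postLogoutRedirectUri the post_logout_redirect_uri request parameter
 * @param state                 opaque value to echo back on the redirect, may be blank
 * @param sessionId             the session identifier to remove
 * @param httpRequest           current servlet request
 * @param httpResponse          current servlet response
 * @param sec                   security context, used here only to log whether the request is secure
 * @return the redirect, or a 400/401 error response with a JSON error entity
 */
@Override
public Response requestEndSession(
        String idTokenHint,
        String postLogoutRedirectUri,
        String state,
        String sessionId,
        HttpServletRequest httpRequest,
        HttpServletResponse httpResponse,
        SecurityContext sec) {
    // NOTE(review): the complete id_token_hint (a signed JWT carrying user claims) is written
    // to the debug log here; treat debug output of this class as sensitive.
    log.debug(
            "Attempting to end session, idTokenHint: {0}, postLogoutRedirectUri: {1}, sessionId: {2}, Is Secure = {3}",
            idTokenHint, postLogoutRedirectUri, sessionId, sec.isSecure());

    Response.ResponseBuilder builder;

    if (!EndSessionParamsValidator.validateParams(idTokenHint, postLogoutRedirectUri)) {
        builder = Response.status(400);
        builder.entity(errorResponseFactory.getErrorAsJson(EndSessionErrorResponseType.INVALID_REQUEST));
        return builder.build();
    }

    AuthorizationGrant authorizationGrant =
            authorizationGrantList.getAuthorizationGrantByIdToken(idTokenHint);
    boolean isExternalAuthenticatorLogoutPresent = false;
    boolean externalLogoutResult = false;
    if (authorizationGrant != null) {
        // The local session is dropped before the external logout is attempted (see class Javadoc).
        removeSessionId(sessionId, httpRequest, httpResponse);
        isExternalAuthenticatorLogoutPresent = externalApplicationSessionService.isEnabled();
        if (isExternalAuthenticatorLogoutPresent) {
            externalLogoutResult =
                    externalApplicationSessionService.executeExternalEndSessionMethods(httpRequest, authorizationGrant);
            // Fix: the format string previously had only {0} and {1}, so externalLogoutResult was
            // never written and the literal "logout" appeared where the result was expected.
            log.info(
                    "End session result for '{0}', '{1}': '{2}'",
                    authorizationGrant.getUser().getUserId(), "logout", externalLogoutResult);
        }
    }

    // Accept the grant when it exists and either no external logout is configured or it succeeded.
    boolean grantAccepted =
            authorizationGrant != null && (!isExternalAuthenticatorLogoutPresent || externalLogoutResult);
    if (!grantAccepted) {
        builder = Response.status(401);
        builder.entity(errorResponseFactory.getErrorAsJson(EndSessionErrorResponseType.INVALID_GRANT));
        return builder.build();
    }

    // Tokens are revoked before the redirect URI is checked; an invalid redirect URI therefore
    // still results in a fully revoked grant, followed by a 400.
    authorizationGrant.revokeAllTokens();

    String redirectUri = redirectionUriService.validatePostLogoutRedirectUri(
            authorizationGrant.getClient().getClientId(), postLogoutRedirectUri);
    if (StringUtils.isNotBlank(redirectUri)) {
        RedirectUri redirectUriResponse = new RedirectUri(redirectUri);
        if (StringUtils.isNotBlank(state)) {
            redirectUriResponse.addResponseParameter(EndSessionResponseParam.STATE, state);
        }
        builder = RedirectUtil.getRedirectResponseBuilder(redirectUriResponse, httpRequest);
    } else {
        builder = Response.status(400);
        builder.entity(errorResponseFactory.getErrorAsJson(EndSessionErrorResponseType.INVALID_REQUEST));
    }
    return builder.build();
}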