OpenID Connect unable to logout #4836

Open
dik23 opened this issue Feb 7, 2024 · 2 comments

dik23 commented Feb 7, 2024

Description

Once logged in with a social application using OIDC it's not possible to log out again

Steps to Reproduce

  1. Log into Kobo using OIDC provider
  2. Click on logout in Kobo
  3. On the Kobo login screen click to login with the OIDC provider
  4. User is logged back in

Expected behavior

I would expect the logout in Kobo to log out of the OIDC provider using one of the many options available. If not as default then as an option

Actual behavior

User is still logged into the OIDC provider

Additional details

When the user signs up for SSO they're provided with the message

Afterwards, you will only be able to sign in via SSO unless you disable this setting here

This means that it's impossible for a second SSO user to log in, because the original user is logged in and the second user can only log in with SSO

Things I've tried

Putting LOGOUT_REDIRECT_URL in envfile.txt, envfiles/kpi.txt and runtime_variables_kpi.source.bash

Adding various options along with "server_url": "https:// into the django admin > Social applications > Settings field in Kobo including "LOGOUT_REDIRECT_URL": "https://, "ACCOUNT_LOGOUT_ON_GET": "True", "post_logout_redirect_uri": "https://, "prompt": "consent", "http_logout_supported": "true", "logout_session_supported": "true", "end_session_endpoint": "https://, "frontchannel_logout_uri": "https://, "frontchannel_logout_session_required": "true", "frontchannel_logout_session_supported": "true"

At no point can the user log out.

Other information

This looks similar to this issue in django-allauth, which includes a couple of ways that people have worked around it.

Contributor

rgraber commented Jul 2, 2024

Hello!
We have so far been unable to reproduce this issue.
Can you give us a few more details about your setup? Specifically, which OIDC provider are you using? Also, is this in a prod/stage/dev environment?
It would also be useful to know any other auth-related configurations you may have changed in your env.

Author

dik23 commented Jul 5, 2024

Keycloak
Dev

Will add detail when I have access
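
Added example, not code from this thread, Kobo or django-allauth: the OpenID Connect RP-Initiated Logout redirect, which is the step that ends the provider session the report describes as surviving the application logout. The host names, token value and the function name `build_logout_url` are constructed for illustration; `end_session_endpoint`, `id_token_hint`, `post_logout_redirect_uri` and `state` are the names defined by the OpenID Connect specification.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed provider discovery metadata (placeholder host, not from the issue).
SAMPLE_METADATA = {
    "issuer": "https://idp.example.test/realms/demo",
    "end_session_endpoint":
        "https://idp.example.test/realms/demo/protocol/openid-connect/logout",
}


def build_logout_url(metadata, id_token, post_logout_redirect_uri, state):
    """Build the provider URL the browser is sent to after the local logout.

    metadata: the provider's discovery document as a dict.
    id_token: the ID token received at login; the application has to keep it
              for the session so it can be sent back as id_token_hint.
    Returns None when the provider advertises no end_session_endpoint, in
    which case only the application session can be ended.
    """
    endpoint = metadata.get("end_session_endpoint")
    if not endpoint:
        return None

    parts = urlsplit(endpoint)
    # The specification requires the end-session endpoint to use https.
    if parts.scheme != "https":
        raise ValueError("end_session_endpoint must use https")

    # Keep any query the provider already put on the endpoint, then append.
    query = parse_qsl(parts.query, keep_blank_values=True)
    query += [
        ("id_token_hint", id_token),
        # Must match a post-logout redirect URI registered for the client.
        ("post_logout_redirect_uri", post_logout_redirect_uri),
        # Opaque value the application checks when the browser returns.
        ("state", state),
    ]
    return urlunsplit(parts._replace(query=urlencode(query)))


if __name__ == "__main__":
    print(build_logout_url(
        SAMPLE_METADATA,
        "constructed.id.token",
        "https://kobo.example.test/accounts/login/",
        "abc123",
    ))
```

Clearing the application's own session alone leaves the provider's session cookie in the browser, which is why the next SSO login completes without a prompt.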
