From bb11c76649e5db48cc42d38676b623ce004c6b63 Mon Sep 17 00:00:00 2001
From: Arie Peterson <arie@greenhost.nl>
Date: Tue, 19 Sep 2023 17:00:46 +0200
Subject: [PATCH] End kratos session in prelogout as well
---
 backend/web/login/login.py | 25 +++++++++++++++++++++----
 1 file changed, 21 insertions(+), 4 deletions(-)
diff --git a/backend/web/login/login.py b/backend/web/login/login.py
index 57225371..6947038e 100644
--- a/backend/web/login/login.py
+++ b/backend/web/login/login.py
@@ -580,15 +580,32 @@ def prelogout():
 current_app.logger.info("Logout request hydra, subject %s", logout_request.subject)
- # Accept logout request and direct to hydra to remove cookies
+ # Accept logout request. We ignore the redirect URL
+ # (`hydra_return.redirect_to`) because we also need to do the kratos logout
+ # browser flow and we can't do both.
 try:
 hydra_return = hydra_admin_api.accept_logout_request(challenge)
- if hydra_return:
- return redirect(hydra_return.redirect_to)
-
 except Exception as ex:
 current_app.logger.info("Error logging out hydra: %s", str(ex))
+ # Now start ending the kratos session.
+ kratos_cookie = get_kratos_cookie()
+ if not kratos_cookie:
+ # No kratos cookie, already logged out from kratos.
+ current_app.logger.info("Expected kratos cookie but not found. Redirecting to hydra post-logout");
+ return redirect(hydra_post_logout)
+ try:
+ # Create a Logout URL for Browsers
+ kratos_api_response = \
+ admin_frontend_api.create_browser_logout_flow(
+ cookie=kratos_cookie)
+ current_app.logger.info(kratos_api_response)
+ return render_template("clear.html",
+ url=kratos_api_response.logout_url)
+ except ory_kratos_client.ApiException as ex:
+ current_app.logger.error("Exception when calling"
+ " create_browser_logout_flow: %s\n",
+ ex)
 current_app.logger.info("Hydra logout not completed. Redirecting to kratos logout, maybe user removed cookies manually")
 return redirect("logout")
-- 
GitLab
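Review bot: `current_app.logger.info(kratos_api_response)` writes the whole Kratos logout-flow object into the application log at info level; the code reads `logout_url` from it, and that URL (and presumably a logout token alongside it) is a session-terminating secret that log readers should not obtain, so log only the fact, e.g. `current_app.logger.info("Created kratos browser logout flow for subject %s", logout_request.subject)`. The info line just above it also ends in a stray semicolon (`...Redirecting to hydra post-logout");`). Because the `ory_kratos_client.ApiException` handler now falls through to the pre-existing `"Hydra logout not completed..."` line, that message is misleading when hydra succeeded and only the kratos flow failed; reword it along the lines of `"Kratos logout flow not created. Redirecting to kratos logout, maybe user removed cookies manually"`. With the `if hydra_return:` branch removed, `hydra_return` is assigned but never read, so the assignment can be dropped. `prelogout` starts before the hunk, and `hydra_post_logout`, `get_kratos_cookie` and `admin_frontend_api` are not visible here, so I assume they are defined earlier in the file.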