Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 25c6cadc authored by Fahim Salam Chowdhury's avatar Fahim Salam Chowdhury 👽 Committed by Fahim M. Choudhury
Browse files

fix: pass clientId on OIDC logout flow making logout happen properly even with missing idToken 

For the latest Keycloak version, if the post_logout_redirect_uri is used, then we have to pass id_token_hint / client_id. But, id_token_hint cannot be initialized when refresh token happens / new login happens. In these cases, we want to pass client_id.
parent 53dfdb33

app/src/main/kotlin/at/bitfire/davdroid/ui/signout/OpenIdEndSessionActivity.kt

+14 −9
Original line number Diff line number Diff line
@@ -67,15 +67,20 @@ class OpenIdEndSessionActivity : Activity() { 
    ) {

        authorizationService = AuthorizationService(applicationContext)



        val redirectUri =

            IdentityProvider.retrieveByAccountType(this, accountType)?.logoutRedirectUri



        val intent = authorizationService!!.getEndSessionRequestIntent(

            EndSessionRequest.Builder(configuration)

                .setIdTokenHint(authState.idToken)

                .setPostLogoutRedirectUri(redirectUri)

                .build()

        )

        val identityProvider = IdentityProvider.retrieveByAccountType(this, accountType) ?: return

        val redirectUri = identityProvider.logoutRedirectUri

        val clientId = identityProvider.clientId



        val endSessionRequestBuilder = EndSessionRequest.Builder(configuration)



        redirectUri?.let { endSessionRequestBuilder.setPostLogoutRedirectUri(it) }

        authState.idToken?.let { endSessionRequestBuilder.setIdTokenHint(it) }



        endSessionRequestBuilder.setAdditionalParameters(mapOf("client_id" to clientId))



        val intent =

            authorizationService?.getEndSessionRequestIntent(endSessionRequestBuilder.build())

                ?: return



        startActivity(intent)

    }