From 95c6548429416f98339d869e869bbc3205288c88 Mon Sep 17 00:00:00 2001 From: Fahim Salam Chowdhury Date: Wed, 7 May 2025 13:16:32 +0600 Subject: [PATCH 1/2] fix: pass clientId on oidc logout flow, so can logout properly when IdToken is missing for latest keycloak version, if the post_logout_redirect_uri is used, then we have to pass id_token_hint / client_id. But, id_token_hint can not initialized when refresh token happens / new login happens. In these cases, we want to pass client_id. For more details: https://dev.to/austincunningham/keycloak-1901-and-setting-the-idtokenhint-220c issue: https://gitlab.e.foundation/e/infra/backlog/-/issues/4162 --- .../ui/signout/OpenIdEndSessionActivity.kt | 33 ++++++++++++++----- 1 file changed, 24 insertions(+), 9 deletions(-) diff --git a/app/src/main/kotlin/at/bitfire/davdroid/ui/signout/OpenIdEndSessionActivity.kt b/app/src/main/kotlin/at/bitfire/davdroid/ui/signout/OpenIdEndSessionActivity.kt index 5001315b4..9ea3766ec 100644 --- a/app/src/main/kotlin/at/bitfire/davdroid/ui/signout/OpenIdEndSessionActivity.kt +++ b/app/src/main/kotlin/at/bitfire/davdroid/ui/signout/OpenIdEndSessionActivity.kt @@ -67,15 +67,30 @@ class OpenIdEndSessionActivity : Activity() { ) { authorizationService = AuthorizationService(applicationContext) - val redirectUri = - IdentityProvider.retrieveByAccountType(this, accountType)?.logoutRedirectUri - - val intent = authorizationService!!.getEndSessionRequestIntent( - EndSessionRequest.Builder(configuration) - .setIdTokenHint(authState.idToken) - .setPostLogoutRedirectUri(redirectUri) - .build() - ) + val identityProvider = IdentityProvider.retrieveByAccountType(this, accountType) + val redirectUri = identityProvider?.logoutRedirectUri + val clientId = identityProvider?.clientId + + val endSessionRequestBuilder = EndSessionRequest.Builder(configuration) + + redirectUri?.let { + endSessionRequestBuilder.setPostLogoutRedirectUri(it) + } + + authState.idToken?.let { + endSessionRequestBuilder.setIdTokenHint(it) + } + + clientId?.let { + endSessionRequestBuilder.setAdditionalParameters( + mapOf("client_id" to it) + ) + } + + + val intent = authorizationService?.getEndSessionRequestIntent( + endSessionRequestBuilder.build() + ) ?: return startActivity(intent) } -- GitLab From 5ff70fa866514f438036b00a9f2a490d425ca473 Mon Sep 17 00:00:00 2001 From: Fahim Masud Choudhury Date: Tue, 27 May 2025 13:48:12 +0600 Subject: [PATCH 2/2] refactor: organize code --- .../ui/signout/OpenIdEndSessionActivity.kt | 28 ++++++------------- 1 file changed, 9 insertions(+), 19 deletions(-) diff --git a/app/src/main/kotlin/at/bitfire/davdroid/ui/signout/OpenIdEndSessionActivity.kt b/app/src/main/kotlin/at/bitfire/davdroid/ui/signout/OpenIdEndSessionActivity.kt index 9ea3766ec..5fd4f71ed 100644 --- a/app/src/main/kotlin/at/bitfire/davdroid/ui/signout/OpenIdEndSessionActivity.kt +++ b/app/src/main/kotlin/at/bitfire/davdroid/ui/signout/OpenIdEndSessionActivity.kt @@ -67,30 +67,20 @@ class OpenIdEndSessionActivity : Activity() { ) { authorizationService = AuthorizationService(applicationContext) - val identityProvider = IdentityProvider.retrieveByAccountType(this, accountType) - val redirectUri = identityProvider?.logoutRedirectUri - val clientId = identityProvider?.clientId + val identityProvider = IdentityProvider.retrieveByAccountType(this, accountType) ?: return + val redirectUri = identityProvider.logoutRedirectUri + val clientId = identityProvider.clientId val endSessionRequestBuilder = EndSessionRequest.Builder(configuration) - redirectUri?.let { - endSessionRequestBuilder.setPostLogoutRedirectUri(it) - } - - authState.idToken?.let { - endSessionRequestBuilder.setIdTokenHint(it) - } - - clientId?.let { - endSessionRequestBuilder.setAdditionalParameters( - mapOf("client_id" to it) - ) - } + redirectUri?.let { endSessionRequestBuilder.setPostLogoutRedirectUri(it) } + authState.idToken?.let { endSessionRequestBuilder.setIdTokenHint(it) } + endSessionRequestBuilder.setAdditionalParameters(mapOf("client_id" to clientId)) - val intent = authorizationService?.getEndSessionRequestIntent( - endSessionRequestBuilder.build() - ) ?: return + val intent = + authorizationService?.getEndSessionRequestIntent(endSessionRequestBuilder.build()) + ?: return startActivity(intent) } -- GitLab