diff --git a/src/blueapi/service/main.py b/src/blueapi/service/main.py
index 28c6263f30..4115296673 100644
--- a/src/blueapi/service/main.py
+++ b/src/blueapi/service/main.py
@@ -1,4 +1,5 @@
 import logging
+import urllib.parse
 from collections.abc import Awaitable, Callable
 from contextlib import asynccontextmanager
 from enum import Enum
@@ -541,10 +542,11 @@ def logout(runner: Annotated[WorkerDispatcher, Depends(_runner)]) -> Response:
 config = runner.run(interface.get_oidc_config)
 if config is None or not config.logout_redirect_endpoint:
 raise HTTPException(status_code=status.HTTP_205_RESET_CONTENT)
+
+ encoded_url = urllib.parse.quote_plus(config.end_session_endpoint)
 return RedirectResponse(
 status_code=status.HTTP_308_PERMANENT_REDIRECT,
- url=config.logout_redirect_endpoint,
- headers={"X-Auth-Request-Redirect": config.end_session_endpoint},
+ url=config.logout_redirect_endpoint.rstrip("/") + "?rd=" + encoded_url,
 )
diff --git a/tests/unit_tests/service/test_rest_api.py b/tests/unit_tests/service/test_rest_api.py
index 1745febaf5..0b18d36da5 100644
--- a/tests/unit_tests/service/test_rest_api.py
+++ b/tests/unit_tests/service/test_rest_api.py
@@ -734,16 +734,15 @@ def test_logout(
 oidc_config: OIDCConfig,
 client_with_auth: TestClient,
 ):
- oidc_config.logout_redirect_endpoint = "/oauth2/logout"
+ oidc_config.logout_redirect_endpoint = "/oauth2/sign_out/"
 mock_runner.run.return_value = oidc_config
 client_with_auth.follow_redirects = False
 response = client_with_auth.get("/logout")
 assert response.status_code == status.HTTP_308_PERMANENT_REDIRECT
 assert (
- response.headers.get("X-Auth-Request-Redirect")
- == oidc_config.end_session_endpoint
+ response.headers.get("location")
+ == "/oauth2/sign_out?rd=https%3A%2F%2Fexample.com%2Fend_session"
 )
- assert response.headers.get("location") == oidc_config.logout_redirect_endpoint
 @pytest.mark.parametrize("has_oidc_config", [True, False])
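Review bot: `config.end_session_endpoint` reaches `urllib.parse.quote_plus` unchecked in logout, because the guard above it only tests `logout_redirect_endpoint`; if the provider metadata carries no end-session endpoint the handler would presumably raise instead of taking the 205 path (the attribute's type is not visible here, so confirm). The Location is also built by concatenating `"?rd="`, which produces a malformed URL when `logout_redirect_endpoint` already has a query string. I would extend the guard with `or not config.end_session_endpoint` and build the parameter with `urllib.parse.urlencode({"rd": config.end_session_endpoint})`, joining with `&` rather than `?` when the base already contains `?`. A short comment such as `# rd target comes from server-side OIDC config, never from the request` would record why this redirect is not attacker-controlled. The decorator and signature of logout lie outside the hunk.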
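Review bot: test_logout now exercises only one input shape, a `logout_redirect_endpoint` with a trailing slash, so the handler's `rstrip("/")` and `"?rd="` concatenation are untested for an endpoint without a trailing slash or one that already carries a query string. The expected Location is a hard-coded literal tied to the fixture's `end_session_endpoint` (presumably `https://example.com/end_session`, defined outside this hunk); a comment such as `# rd is quote_plus of the fixture's end_session_endpoint` would make that coupling visible. Parametrizing the endpoint values with `@pytest.mark.parametrize` would pin the URL construction. The signature of test_logout starts outside the hunk.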