fix(oidc): rewrite login flow, fixed end_session_url retrieval and redirect issue

2026-04-21 08:21:51 +02:00 · 2025-04-22 19:25:31 +08:00
parent 077641beaa
commit 9e0bdd964c
10 changed files with 121 additions and 129 deletions
--- a/internal/api/v1/auth/utils.go
+++ b/internal/api/v1/auth/utils.go
@@ -1,6 +1,8 @@
 package auth

 import (
+	"crypto/rand"
+	"encoding/base64"
 	"net"
 	"net/http"
 	"time"
@@ -73,8 +75,11 @@ func clearTokenCookie(w http.ResponseWriter, r *http.Request, name string) {
 	})
 }

-// DefaultLogoutCallbackHandler clears the token cookie and redirects to the login page..
-func DefaultLogoutCallbackHandler(auth Provider, w http.ResponseWriter, r *http.Request) {
-	clearTokenCookie(w, r, auth.TokenCookieName())
-	auth.RedirectLoginPage(w, r)
+// generateState generates a random string for OIDC state.
+const oidcStateLength = 32
+
+func generateState() string {
+	b := make([]byte, oidcStateLength)
+	_, _ = rand.Read(b)
+	return base64.URLEncoding.EncodeToString(b)[:oidcStateLength]
 }