Is logout hardcoded?

[oculos]

I am trying to modify the

@app.route('/logout')

function.

However, even if I erase the decoration and the function, I still get a default behavior for the /logout endpoint, which is a redirect to the root url.

Is it so? Is there a way to configure it differently?

[abompard]

Hi! Which version of flask-oidc are you running? I don't see a logout route applied to the main app in the current code.

[brucewilson]

I know this is an old issue but I had the same issue. It took me too long to figure this out but that route is defined in https://github.com/fedora-infra/flask-oidc/blob/develop/flask_oidc/views.py#L78

And, in case this is useful to other people trying to fix logout, this version doesn't log the user out of their keycloak session so I ended up defining a different route ("/logmeout") which does this:

from yarl import URL

@server.route('/logmeout')
@oidc.require_login
def logout():
    url = oidc.client_secrets.get('issuer')
    referer = URL(request.headers.get('Referer'))
    hosturl = referer.origin()

    # make flask-oidc throw away the auth token
    session.pop('oidc_auth_token')

    # make keycloak throw away the session
    return redirect('%s/protocol/openid-connect/logout?client_id=myclient-app&post_logout_redirect_uri=%s' %
        (url, hosturl))

[abompard]

Thanks for posting here @brucewilson !

It looks like this relies on the RP-Initiated Logout spec, which is not a draft anymore. There is even an Authlib ticket about implementing it there, Authlib being the library we use in flask-oidc. Once they have implemented it, I'd be happy to add it to Flask-OIDC, or review a PR that would add it.

In the meantime I hope your implementation will help other users, thanks again!

[brucewilson]

Oh, it would be great to have it implemented by flask-oidc!