Merge pull request #15 from fsinfuhh/id_token_hint

fsinfuhh · Feb 8, 2024 · 26193de · 26193de
2 parents 0f2328f + 8a7b7c8
commit 26193de
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 3 deletions.
diff --git a/...mple_openid_connect/integrations/django/migrations/0003_openidsession_add_raw_id_token.py b/...mple_openid_connect/integrations/django/migrations/0003_openidsession_add_raw_id_token.py
@@ -0,0 +1,17 @@
+# Generated by Django 4.2.1 on 2024-02-08 07:55
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("simple_openid_connect_django", "0002_move_sessions_id_token"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="openidsession",
+            name="raw_id_token",
+            field=models.TextField(blank=True),
+        ),
+    ]
diff --git a/src/simple_openid_connect/integrations/django/models.py b/src/simple_openid_connect/integrations/django/models.py
@@ -87,6 +87,7 @@ def update_session(
             refresh_token=token_response.refresh_token or "",
             refresh_token_expiry=_calc_expiry(token_response.refresh_expires_in),
             _id_token=id_token.json(),  # type: ignore[unused-ignore,misc]
+            raw_id_token=token_response.id_token,
         )
 
 
@@ -107,6 +108,7 @@ class OpenidSession(models.Model):
     refresh_token = models.TextField(blank=True)
     refresh_token_expiry = models.DateTimeField(null=True)
     _id_token = models.TextField("json representation of this sessions is token")
+    raw_id_token = models.TextField(blank=True)
 
     @property
     def id_token(self) -> IdToken:
@@ -122,3 +124,4 @@ def update_session(self, token_response: TokenSuccessResponse) -> None:
         self.access_token_expiry = _calc_expiry(token_response.expires_in)
         self.refresh_token = token_response.refresh_token or ""
         self.refresh_token_expiry = _calc_expiry(token_response.refresh_expires_in)
+        self.raw_id_token = token_response.id_token
diff --git a/src/simple_openid_connect/integrations/django/views.py b/src/simple_openid_connect/integrations/django/views.py
@@ -26,7 +26,7 @@
     TokenSuccessResponse,
 )
 from simple_openid_connect.integrations.django.apps import OpenidAppConfig
-from simple_openid_connect.integrations.django.models import OpenidUser
+from simple_openid_connect.integrations.django.models import OpenidSession
 
 logger = logging.getLogger(__name__)
 
@@ -106,16 +106,24 @@ class LogoutView(View):
     """
 
     def get(self, request: HttpRequest) -> HttpResponse:
+        session_id = request.session.get("openid_session")
         logout(request)
         client = OpenidAppConfig.get_instance().get_client(request)
 
         if settings.LOGOUT_REDIRECT_URL is not None:
+            openid_session = (
+                OpenidSession.objects.get(id=session_id) if session_id else None
+            )
+
             logout_request = RpInitiatedLogoutRequest(
                 post_logout_redirect_uri=request.build_absolute_uri(
                     resolve_url(settings.LOGOUT_REDIRECT_URL)
-                ),
-                client_id=client.client_auth.client_id,
+                )
             )
+            if openid_session is not None and openid_session.raw_id_token is not None:
+                logout_request.id_token_hint = openid_session.raw_id_token
+            else:
+                logout_request.client_id = client.client_auth.client_id
         else:
             logout_request = None