RP-Initiated Logout phase

[yannvery]

Hello,

Here is an implementation of the logout phase initiated by the RP.

The relative spec:
http://openid.net/specs/openid-connect-session-1_0.html#RPLogout

I've also updated openid_connect dependency to 1.1.6 which supports end_session_endpoint in discovery response.

For information I already use a fork of omniauth_openid_connect with openid_connect 1.1.6 on a rails app in production.

[ghost]

Assignment Branch Condition size for test_logout_phase_with_discovery is too high. [33.38/15]

[ghost]

Method has too many lines. [16/10]

[ghost]

Use %r around regular expression.

[ghost]

Assignment Branch Condition size for test_logout_phase_with_discovery_and_post_logout_redirect_uri is too high. [34.53/15]

[ghost]

Method has too many lines. [17/10]

[ghost]

Assignment Branch Condition size for other_phase is too high. [15.56/15]

[m0n9oose]

#5 (comment)

Not sure why but this thread marked as "outdated". Anyways, I'm totally fine with your latest suggestion. Apply it and we're good to go.

[ghost]

Line is too long. [87/80]

[ghost]

Line is too long. [96/80]

[ghost]

URI.regexp is obsolete and should not be used. Instead, use URI::DEFAULT_PARSER.make_regexp.

[ghost]

Use match? instead of match when MatchData is not used.

[m0n9oose]

Am i right in assumption issuer won't be set if discovery disabled?

[yannvery]

Yes.
Discovery issuer will be only used only discovery is enabled and options issuer was blank?

Another point, I'm wondering if you prefer that I avoid using rails blank? method here.

[m0n9oose]

Yes.
Discovery issuer will be only used only discovery is enabled and options issuer was blank?

Is this intentional change? Old code has different behaviour, I'm not sure about this.

Another point, I'm wondering if you prefer that I avoid using rails blank? method here.

Yeah, good point, it'd be great to avoid rails' methods.

[yannvery]

Ok I get it. You're right I've modified the behavior around the issuer.
Well it's not the purpose of the PR, so I've decided to keep the original implementation.

[m0n9oose]

Please consider the following changes:

def other_phase
  return call_app! unless logout_path_pattern.match(current_path)
  discover!
  redirect(end_session_uri) if end_session_uri  
end

[yannvery]

call_app! must be called when end_session_uri is falsy

I could change as the following (could be harder to read with multiple return and call_app! calls)

def other_phase
  return call_app! unless logout_path_pattern.match(current_path)
  discover!
  return redirect(end_session_uri) if end_session_uri
  call_app!
end

[m0n9oose]

1. what's the point to pass config as argument?
2. what's the point of extraction setup_client_options method? how does it pay for itself?
3. please avoid using Rails methods in gems which can be used outside of Rails project (try)

Consider the following changes:

def discover!
  return unless options.discovery
  client_options.authorization_endpoint = config.authorization_endpoint
  client_options.token_endpoint = config.token_endpoint
  client_options.userinfo_endpoint = config.userinfo_endpoint
  client_options.jwks_uri = config.jwks_uri
  client_options.end_session_endpoint = config.end_session_endpoint if config.respond_to?(:end_session_endpoint)
end

[yannvery]

Totally agree, I can't explain why I did that.
Thanks for your feedback.

[m0n9oose]

Please rebase your work branch on top of current master branch

[ghost]

Assignment Branch Condition size for test_logout_phase_with_discovery is too high. [33.38/15]

[ghost]

Method has too many lines. [16/10]

[ghost]

Assignment Branch Condition size for test_logout_phase_with_discovery_and_post_logout_redirect_uri is too high. [34.53/15]

[ghost]

Method has too many lines. [17/10]

[ghost]

Add empty line after guard clause.

[ghost]

Add empty line after guard clause.

[ghost]

Line is too long. [118/80]

[ghost]

Add empty line after guard clause.

[m0n9oose]

Yes.
Discovery issuer will be only used only discovery is enabled and options issuer was blank?

Is this intentional change? Old code has different behaviour, I'm not sure about this.

Another point, I'm wondering if you prefer that I avoid using rails blank? method here.

Yeah, good point, it'd be great to avoid rails' methods.

[m0n9oose]

#5 (comment)

Not sure why but this thread marked as "outdated". Anyways, I'm totally fine with your latest suggestion. Apply it and we're good to go.

[ghost]

Use 2 (not 0) spaces for indentation.

[ghost]

Inconsistent indentation detected.

[ghost]

Assignment Branch Condition size for other_phase is too high. [16.52/15]

[ghost]

Line is too long. [81/80]

[ghost]

Add empty line after guard clause.

[ghost]

Add empty line after guard clause.

[ghost]

Line is too long. [118/80]

[ghost]

Add empty line after guard clause.

[ghost]

Line is too long. [81/80]

[yannvery]

Sorry, for the delay of my response.
I prefer to not fix all the bot issues and avoid making too many modifications in 1 PR.

[m0n9oose]

Yeah, makes sense

…

-- Best regards, Ilia Shcherbinin

On 1 February 2019 at 20:08:53, Yann VERY ***@***.***) wrote: Sorry, for the delay of my response. I prefer to not fix all the bot issues and avoid making too many modifications in 1 PR. — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#5 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABaPnOoaDB8lYlnNn7aLPVO_FCurtW2Xks5vJJDFgaJpZM4WLDk5> .

[ghost]

Assignment Branch Condition size for test_logout_phase_with_discovery is too high. [33.38/15]

[ghost]

Method has too many lines. [16/10]

[ghost]

Assignment Branch Condition size for test_logout_phase_with_discovery_and_post_logout_redirect_uri is too high. [34.53/15]

[ghost]

Method has too many lines. [17/10]

[ghost]

Line is too long. [81/80]

[ghost]

Line is too long. [81/80]

[ghost]

Add empty line after guard clause.

[ghost]

Add empty line after guard clause.

[ghost]

Line is too long. [118/80]

[ghost]

Add empty line after guard clause.