fix(multiauth): Add clientId to redirect on signout

Previously we used `id_token_hint`, but it's saved in the cookie.
This will instead require a client_id (which identifies your application),
so Keycloak knows which application you’re requesting a redirect for.
2026-01-20 14:04:46 +01:00
parent d8d5e076ba
commit 54c40d7acc


@@ -296,6 +296,7 @@ let oidOptions (settings: MultiAuthSettings) (o: OpenIdConnectOptions) =
fun e ->
task {
eprintfn "[MultiAuth] RedirectToIdentityProvider: %A" e.Request.Host.Value
e.ProtocolMessage.ClientId <- settings.oidc.clientId
// HACK: For https behind proxy
e.ProtocolMessage.RedirectUri <- $"https://{e.Request.Host.Value}/signin-oidc"
return ()
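Review bot: `RedirectUri` here, and `PostLogoutRedirectUri` in the sign-out handler in the next hunk, are built from `e.Request.Host.Value`, which is whatever Host header reached the application. Keycloak's registered redirect URI list should reject unknown hosts, but that check weakens if the client is registered with wildcard URIs, so the app should not depend on it alone. Consider reading the public origin from configuration, or enabling host filtering (`AllowedHosts`) and the forwarded-headers middleware so the proxy's scheme and host are trusted explicitly instead of hard-coding `https://`. This rendering does not show which line of the hunk is new, and the handler's assignment and the end of the `task` block lie outside it.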
@@ -303,6 +304,9 @@ let oidOptions (settings: MultiAuthSettings) (o: OpenIdConnectOptions) =
o.Events.OnRedirectToIdentityProviderForSignOut <-
fun e ->
task {
eprintfn "[MultiAuth] OnRedirectToIdentityProviderForSignOut: %A" e.Request.Host.Value
// HACK: Avoid saving tokens
e.ProtocolMessage.ClientId <- settings.oidc.clientId
// HACK: For https behind proxy
e.ProtocolMessage.PostLogoutRedirectUri <- $"https://{e.Request.Host.Value}/signout-callback-oidc"
return ()
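Review bot: The comment `// HACK: Avoid saving tokens` above the `ClientId` assignment does not explain the line; something like `// Send client_id instead of id_token_hint so the id_token does not have to be kept in the auth cookie` would match the commit message. Dropping `id_token_hint` also changes logout behaviour: the provider can no longer identify the session from the token, and Keycloak typically shows a logout confirmation page in that case, so this should be verified against the deployed realm and noted here. `post_logout_redirect_uri` is then accepted purely on the URIs registered for this client, so that list should hold exact URIs rather than wildcards, given the value is derived from the request host. The `task` block closes outside the hunk.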