feat(sonic): logout functionality (!22) · Merge requests · Tardis Admins / NixOS Configs

Merlin Hancock requested to merge merlin/nix:sonic-logout into main Sep 27, 2024

Currently we only use oauth parts of the full openid connect that keycloak supports. This basically just tacks on storing an id_token provided by keycloak which we then use to logout.

Before any merge, the sonic.toml at secrets/sonicRocketToml.age should be updated to have the below values:

[auth]
end_session_uri = "https://id.tardisproject.uk/realms/master/protocol/openid-connect/logout"
login_uri = "https://tardisproject.uk/login"

A useful reference will be: https://openid.net/specs/openid-connect-rpinitiated-1_0.html Keeping it as a draft for now since it involves (kinda) auth and it would be good to get some more eyes on it.

Some CI Failed but I think thats something else.

Will mention at pub 30/09/2024 and probably get someone to glance through it. Feel free to make any changes / suggestions :P

feat(sonic): logout functionality

Merge request reports