mirror of
https://github.com/DRYTRIX/TimeTracker.git
synced 2026-01-08 04:30:20 -06:00
Fixes #88

When OIDC_POST_LOGOUT_REDIRECT_URI was unset, the application was still attempting RP-Initiated Logout by falling back to a generated redirect URL. This caused issues with OIDC providers like Authelia that don't support RP-Initiated Logout, resulting in failed redirects to unsupported endpoints.

Changes:
- Modified logout logic in app/routes/auth.py to only attempt provider logout when OIDC_POST_LOGOUT_REDIRECT_URI is explicitly configured
- If unset, users are now logged out locally and redirected to the TimeTracker login page (expected behavior)
- If set, RP-Initiated Logout proceeds as before (backward compatible)

Documentation:
- Updated docs/OIDC_SETUP.md with guidance on when to set the config
- Added clear comments in env.example explaining optional behavior
- Documented troubleshooting steps for providers without RP-Initiated Logout support (e.g., Authelia)

Tests:
- Added comprehensive test suite (tests/test_oidc_logout.py) with 9 tests covering different logout scenarios and edge cases
- All existing tests continue to pass (no regressions)

This change is fully backward compatible. Users with providers supporting RP-Initiated Logout can continue using OIDC_POST_LOGOUT_REDIRECT_URI as before. Users with providers like Authelia should leave it unset for local-only logout.
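The logout decision the commit describes, shown as an added before/after example that is not TimeTracker's own code: the pre-fix path always builds an RP-Initiated Logout URL (generating a redirect URI when the setting is empty), while the fixed path only does so when OIDC_POST_LOGOUT_REDIRECT_URI is explicitly set. The end_session_endpoint value and the plain dict standing in for the Flask config are constructed assumptions.

```python
from urllib.parse import parse_qsl, urlencode, urlparse, urlunparse

# Constructed example of the end_session_endpoint a provider would advertise
# in its discovery document (hypothetical host, not a real deployment).
END_SESSION_ENDPOINT = "https://idp.example.test/oidc/logout"


def end_session_url(endpoint, post_logout_redirect_uri, id_token=None):
    """Build an OIDC RP-Initiated Logout URL, keeping any query the
    endpoint already carries and adding the standard parameters."""
    parts = urlparse(endpoint)
    query = dict(parse_qsl(parts.query))
    query["post_logout_redirect_uri"] = post_logout_redirect_uri
    if id_token:
        query["id_token_hint"] = id_token
    return urlunparse(parts._replace(query=urlencode(query)))


def logout_target_before_fix(config, endpoint, generated_uri,
                             id_token=None, login_url="/login"):
    """Pre-fix behaviour: an unset setting falls back to a generated URI, so
    the browser is sent to the provider's end-session endpoint regardless.
    Providers without RP-Initiated Logout then fail the redirect."""
    post_logout = config.get("OIDC_POST_LOGOUT_REDIRECT_URI") or generated_uri
    if endpoint:
        return ("rp_initiated", end_session_url(endpoint, post_logout, id_token))
    return ("local", login_url)


def logout_target_after_fix(config, endpoint, id_token=None, login_url="/login"):
    """Fixed behaviour: provider logout only when the URI is explicitly
    configured and the provider publishes an end-session endpoint;
    otherwise the session is cleared locally and the user lands on the
    application's login page."""
    post_logout = (config.get("OIDC_POST_LOGOUT_REDIRECT_URI") or "").strip()
    if not post_logout or not endpoint:
        return ("local", login_url)
    return ("rp_initiated", end_session_url(endpoint, post_logout, id_token))


if __name__ == "__main__":
    unset = {}                                   # e.g. an Authelia deployment
    configured = {"OIDC_POST_LOGOUT_REDIRECT_URI": "https://app.example.test/login"}
    print(logout_target_before_fix(unset, END_SESSION_ENDPOINT,
                                   "https://app.example.test/login", "tok"))
    print(logout_target_after_fix(unset, END_SESSION_ENDPOINT, "tok"))
    print(logout_target_after_fix(configured, END_SESSION_ENDPOINT, "tok"))
```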