Gitlab-Migration/demo-websites
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Enhance /logout logic in nginx.conf to include id_token_hint in Keycloak logout URL and set post_logout_redirect_uri.

Browse Source
This commit is contained in:
Thatsaphorn
2025-06-18 00:46:12 +09:00
parent bff8dd78f0
commit 8781aa3a52
1 changed files with 8 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
nginx.conf
View File

@@ -40,17 +40,19 @@ http {
# Full logout: clears local session and redirects to Keycloak logout # Full logout: clears local session and redirects to Keycloak logout
location = /logout { location = /logout {
limit_except GET POST { deny all; } # allow both GET and POST limit_except GET POST { deny all; }
access_by_lua_block { access_by_lua_block {
local session = require("resty.session").start() local session = require("resty.session").start()
local id_token = session.data and session.data.id_token
session:destroy() session:destroy()
local logout_url = os.getenv("KEYCLOAK_LOGOUT_URL") local redirect_uri = "https://demo.rhein-software.dev"
if not logout_url then local logout_url = "https://sso.rhein-software.dev/realms/rheinsw/protocol/openid-connect/logout"
ngx.status = 500 .. "?post_logout_redirect_uri=" .. ngx.escape_uri(redirect_uri)
ngx.say("KEYCLOAK_LOGOUT_URL environment variable not set")
return if id_token then
logout_url = logout_url .. "&id_token_hint=" .. ngx.escape_uri(id_token)
end end
return ngx.redirect(logout_url) return ngx.redirect(logout_url)