Comments (5)

jvinolas commented on August 30, 2024 1

Perfect! So quick, thanks! You can close this one.

from mokey.

jvinolas commented on August 30, 2024

I've looked at the browser storage and the mokey-sessck is only set when doing login directly on mokey interface (https://login.server/auth/login), not if validating through hydra (https://login.server/oauth/login?challenge...), nor if bypassing hydra.

So, at logout, mokey cookie just doesn't exist. I think this is a bug.

from mokey.

aebruno commented on August 30, 2024

@jvinolas thanks for the report. This may or may not be related to your issue. But there was definitely a bug in the logout/revoke session handling in mokey. This has been fixed in f8c8e35. The error was:

level=warning msg="Logout - Failed to revoke hydra authentication session" error="response status code does not match any response statuses defined for this endpoint in the swagger spec (status 502): {}"

The way the current logout/revoke works in mokey is that it assumes you're running hydra and mokey on the same server. It also assumes you're running the hydra administrative API endpoint (port 4445) bound to localhost with fake-tls-termination enabled. When a user signs out, mokey makes an admin API request to hydra to destroy all sessions for that user. In this case there is no need to implement the user logout flow.

from mokey.
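
The revoke step described in the comment above, as an added example (not mokey's own code and not part of the original thread). It assumes the Hydra 1.x admin route `DELETE /oauth2/auth/sessions/login?subject=...` and assumes that fake TLS termination amounts to sending `X-Forwarded-Proto: https`; `RevokeLoginSessions` and `ErrNoSubject` are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/url"
)

// ErrNoSubject: the local session names no user, so nothing can be revoked.
var ErrNoSubject = errors.New("no subject in session")

// RevokeLoginSessions asks hydra's admin API to delete all login sessions of
// subject. Path is the Hydra 1.x one (2.x prefixes /admin); adminURL is
// assumed to be the localhost-bound admin endpoint, e.g. http://127.0.0.1:4445.
func RevokeLoginSessions(c *http.Client, adminURL, subject string, fakeTLS bool) error {
	if subject == "" {
		return ErrNoSubject // never send an unscoped revoke
	}
	u, err := url.Parse(adminURL)
	if err != nil {
		return err
	}
	u.Path = "/oauth2/auth/sessions/login"
	u.RawQuery = url.Values{"subject": {subject}}.Encode()
	req, err := http.NewRequest(http.MethodDelete, u.String(), nil)
	if err != nil {
		return err
	}
	if fakeTLS {
		// Assumption: hydra sits behind TLS termination and expects the
		// proxy's X-Forwarded-Proto header on plain-HTTP admin requests.
		req.Header.Set("X-Forwarded-Proto", "https")
	}
	resp, err := c.Do(req)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusNoContent {
		// Any other status (such as a 502) means the session may still be live.
		return fmt.Errorf("hydra revoke failed: status %d", resp.StatusCode)
	}
	return nil
}

func main() {
	// Constructed subject; returns an error unless hydra listens locally.
	fmt.Println(RevokeLoginSessions(http.DefaultClient, "http://127.0.0.1:4445", "alice", true))
}
```

A logout handler that gets `ErrNoSubject` or a non-204 status should report the failure rather than show a signed-out page, since the hydra login session may still be valid for the client apps.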

jvinolas commented on August 30, 2024

Sorry, I did not explain well. I'm using freeipa+mokey+hydra in a docker-compose, all in the same internal network (which is almost the same as having it on the same host).

Validation is going correctly from my client apps (moodle/nextcloud) but when I go to log out from any app it fails:

level=warning msg="Logout - Failed to revoke hydra authentication session" error="No sid or user found in session"

Even with the fake-tls-termination enabled. When I log out from apps they redirect to /auth/logout, but as you can see from the code and from the error, mokey is trying to guess the user id from mokey-sessck cookie that was not set on login. I've checked that the mokey-sessck is not being set when doing this login flow through hydra but correctly set if not using oauth at all (validating in mokey with basic auth, not from app/hydra).

from mokey.

aebruno commented on August 30, 2024

@jvinolas Thanks so much for the additional details. Think I got this fixed up. Can you test? Let me know and I'll close this out.

from mokey.
