I'm using Doorkeeper for my Rails app, and I'm trying to make it so that when a user signs out from the Doorkeeper provider, the user is automatically signed out from all apps.
By default, when a user signs out from an app, he will still be signed in at the Doorkeeper provider app.
This is my sessions controller from my Doorkeeper provider:
```ruby
class SessionsController < ApplicationController
  def new
    redirect_to root_path if current_user
    # NOTE: return_to comes straight from the request and is redirected to
    # unvalidated in #create; restrict it to local paths to avoid an open redirect.
    session[:return_to] = params[:return_to] if params[:return_to]
  end

  def create
    user = User.find_by_email(params[:email])
    if user && user.authenticate(params[:password])
      session[:user_id] = user.id
      if session[:return_to]
        redirect_to session[:return_to]
        session[:return_to] = nil
      else
        redirect_to root_path
      end
    else
      flash.now.alert = "Email or password is invalid"
      render "new"
    end
  end

  # Only the provider's own session is cleared here; access tokens already
  # issued to client apps stay valid, which is why the other apps remain signed in.
  def destroy
    session[:user_id] = nil
    flash[:alert] = "Sign Out successfully"
    redirect_to new_session_path
  end
end
```
This is my sessions controller from one of my apps:
```ruby
class SessionsController < ApplicationController
  def create
    auth = request.env["omniauth.auth"]
    user = User.find_by_provider_and_uid(auth["provider"], auth["uid"]) || User.create_with_omniauth(auth)
    session[:user_id] = user.id
    # The provider-issued access token is kept in the session but never
    # re-checked against the provider afterwards.
    session[:access_token] = auth["credentials"]["token"]
    redirect_to root_url
  end

  def destroy
    session[:user_id] = nil
    session[:access_token] = nil
    redirect_to root_url
  end
end
```
I wrote my own user authentication for the Doorkeeper provider app, but I used Devise for one of the apps connected to my Doorkeeper provider app.
At the moment, when I sign out from my Doorkeeper app, I'm still signed in at my other app. So how do I make it so that signing out from Doorkeeper also signs me out from all apps?
You would have to either send an API call from the Doorkeeper app to each client app telling it to remove the sessions for a specific user, or you would need to have your client app query the Doorkeeper app regularly to ensure that the session or access token is still active. The latter is probably the better strategy, although it will end up making more API calls.
I think this article will be helpful:
A Sane Oauth Federation Strategy With Doorkeeper in Ruby
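The second strategy from the answer (the client re-checking its token with the provider), as an added example that is not part of the original question or answer: `ProviderTokenStore` is a constructed stand-in for Doorkeeper's access-token table whose `introspect` mimics the RFC 7662 shape of Doorkeeper's `/oauth/introspect` response, and `SessionGuard` is a hypothetical client-side check with a re-check interval, so it runs without Rails.

```ruby
# Constructed stand-in for the provider's token table; a real Doorkeeper app
# would mark the user's Doorkeeper::AccessToken rows revoked in
# SessionsController#destroy instead of using this class.
class ProviderTokenStore
  def initialize
    @tokens = {} # token string => { user_id:, revoked: }
  end

  def issue(user_id)
    token = "tok-#{user_id}-#{@tokens.size}" # constructed, not a real token
    @tokens[token] = { user_id: user_id, revoked: false }
    token
  end

  # Provider sign-out: revoke every token for this user so each client's next
  # introspection sees "active" => false.
  def revoke_all_for_user(user_id)
    @tokens.each_value { |t| t[:revoked] = true if t[:user_id] == user_id }
  end

  # RFC 7662-shaped answer, as Doorkeeper's POST /oauth/introspect returns it.
  def introspect(token)
    t = @tokens[token]
    return { "active" => false } if t.nil? || t[:revoked]
    { "active" => true, "sub" => t[:user_id].to_s }
  end
end

# Client-side guard (would run as a before_action): re-check the stored token
# with the provider at most every `interval` seconds; anything other than
# "active" => true clears the local session. The cache means a provider
# sign-out propagates to this app within `interval` seconds, not instantly.
class SessionGuard
  def initialize(introspect:, interval: 60, clock: -> { Time.now })
    @introspect, @interval, @clock = introspect, interval, clock
  end

  # `session` is a Hash like Rails' session; returns true if still signed in.
  def check!(session)
    return false unless session[:access_token]
    last = session[:token_checked_at]
    return true if last && @clock.call - last < @interval
    if @introspect.call(session[:access_token])["active"] == true
      session[:token_checked_at] = @clock.call
      return true
    end
    %i[user_id access_token token_checked_at].each { |k| session.delete(k) }
    false
  end
end
```

Lowering `interval` tightens how quickly a provider sign-out reaches the client at the cost of more introspection calls, which is the trade-off the answer describes.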