mirror of
https://github.com/discourse/discourse.git
synced 2025-02-21 07:28:58 +08:00
Matt Marjanović
This commit adds support for an optional "logout" parameter in the payload of the /session/sso_provider endpoint. If an SSO Consumer adds a "logout=true" parameter to the encoded/signed "sso" payload, then Discourse will treat the request as a logout request instead of an authentication request.

The logout flow works something like this:

* User requests logout at SSO-Consumer site (e.g., clicks "Log me out!" on web browser).
* SSO-Consumer site does whatever it does to destroy User's session on the SSO-Consumer site.
* SSO-Consumer then redirects browser to the Discourse sso_provider endpoint, with a signed request bearing "logout=true" in addition to the usual nonce and the "return_sso_url".
* Discourse destroys User's discourse session and redirects browser back to the "return_sso_url".
* SSO-Consumer site does whatever it does --- notably, it cannot request SSO credentials from Discourse without the User being prompted to login again.
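The signed logout request from the flow above, as an added example that is not part of the commit or of Discourse's code. It assumes the usual DiscourseConnect convention (Base64-encoded query string in `sso`, hex HMAC-SHA256 of that string in `sig`); the secret, hostnames and function names are hypothetical.

```ruby
require "openssl"
require "base64"
require "uri"
require "securerandom"

# Constructed placeholder values for this example.
SSO_SECRET = "example-shared-secret"
PROVIDER_ENDPOINT = "https://discourse.example.com/session/sso_provider"

def hmac_hex(secret, payload)
  OpenSSL::HMAC.hexdigest("SHA256", secret, payload)
end

# Consumer side: build the redirect URL. "logout=true" goes inside the
# payload, so it is covered by the signature like nonce and return_sso_url.
def build_request_url(secret, return_sso_url, logout: false, nonce: SecureRandom.hex(16))
  fields = { nonce: nonce, return_sso_url: return_sso_url }
  fields[:logout] = "true" if logout
  payload = Base64.strict_encode64(URI.encode_www_form(fields))
  "#{PROVIDER_ENDPOINT}?#{URI.encode_www_form(sso: payload, sig: hmac_hex(secret, payload))}"
end

# Provider-side sketch (assumption, not Discourse's implementation):
# reject the request unless the signature matches, and read "logout"
# only from the signed payload, never from the outer query string.
def parse_signed_request(secret, url)
  params = URI.decode_www_form(URI(url).query.to_s).to_h
  payload = params["sso"].to_s
  sig = params["sig"].to_s
  return nil unless OpenSSL.secure_compare(hmac_hex(secret, payload), sig)

  fields = URI.decode_www_form(Base64.strict_decode64(payload)).to_h
  { logout: fields["logout"] == "true",
    nonce: fields["nonce"],
    return_sso_url: fields["return_sso_url"] }
rescue ArgumentError
  nil # malformed Base64 or query encoding
end
```

Because the flag is read only from the signed payload, an unsigned `logout=true` appended to the outer query string is ignored, and a payload edited after signing is rejected.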