Skip to content

Migrate logout endpoint to v1/logout #15613

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
rak-phillip merged 1 commit into from
Nov 19, 2025
Merged

Migrate logout endpoint to v1/logout #15613

rak-phillip merged 1 commit into from
Nov 19, 2025

Conversation

@rak-phillip
Copy link
Member

@rak-phillip rak-phillip commented Oct 10, 2025
edited by richard-cox
Loading

Summary

This updates the logout endpoint to v1/logout.

Fixes # 15326
Contributes to #15326

Occurred changes and/or fixed issues

  • Migrate logout endpoint from v3/tokens to v1/logout
  • Update the logout action to match the requirements for the new endpoint

Technical notes summary

This appears to behave mostly the same as before - the biggest change is that there is no logoutAction for the base case.

Areas or cases that should be tested

Local & Auth Providers logout actions, including SLO.

Areas which could experience regressions

Local & Auth Providers logout actions, including SLO.

Screenshot/Video

Checklist

  • The PR is linked to an issue and the linked issue has a Milestone, or no issue is needed
  • The PR has a Milestone
  • The PR template has been filled out
  • The PR has been self reviewed
  • The PR has a reviewer assigned
  • The PR has automated tests or clear instructions for manual tests and the linked issue has appropriate QA labels, or tests are not needed
  • The PR has reviewed with UX and tested in light and dark mode, or there are no UX changes
  • The PR has been reviewed in terms of Accessibility

@rak-phillip rak-phillip requested a review from aalves08 October 10, 2025 23:00
@rancher-ui-project-bot rancher-ui-project-bot bot added this to the v2.14.0 milestone Oct 10, 2025
@rak-phillip
Copy link
Member Author

rak-phillip commented Oct 10, 2025

This depends on rancher/rancher#51284 to merge

pmatseykanets
pmatseykanets reviewed Oct 10, 2025
View reviewed changes
aalves08
aalves08 requested changes Oct 20, 2025
View reviewed changes
Copy link
Member

@aalves08 aalves08 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@rak-phillip something is wrong here:

Amazon Cognito OIDC:
https://github.com/user-attachments/assets/56cc7a2c-0308-40e2-b9d6-80cce75f2fed

Okta SAML:
https://github.com/user-attachments/assets/c477d81c-d0c5-47b5-8fec-ff5316f4938d

While trying both "full" logout's the URL the network request looks good logout&all but on both I was expecting to have to enter the credentials when logging back in, which didn't happen. I did a quick look-around of the UI's code and couldn't find anything suspicious/missing in relation to this PR. I am really thinking this might be a backend problem 🤔

I would say the best person to also cross-check this on Collie's side is Kevin McDermott since we worked together on the OIDC single-logout and he did a bit of refactoring to the logic on the backend side since we now support the feature in both SAML and OIDC providers 🙏

@aalves08
Copy link
Member

aalves08 commented Oct 21, 2025

@pmatseykanets @rak-phillip today I gave this a test without @rak-phillip change and the single-logout feature is currently broken 🙏

@richard-cox
Copy link
Member

richard-cox commented Oct 21, 2025

Please all bear in mind that this is currently a 2.14 issue and pr

@aalves08
Copy link
Member

aalves08 commented Oct 21, 2025
edited
Loading

@rak-phillip @pmatseykanets I can confirm that with @pmatseykanets changes rancher/rancher#52417, v2.13-af003d7ebf4d6e577c402ab8bf406c75ebd6992f-head, SLO is working on this PR for both SAML and OIDC providers.

Normal user logout + login with user+pass also working with this change.
The "normal" logout + login on OIDC is fine.
The "normal" logout + login on SAML is fine as well.

I tested v2.13-af003d7ebf4d6e577c402ab8bf406c75ebd6992f-head without @rak-phillip changes and all seems fine in all scenarios

@rak-phillip
Copy link
Member Author

rak-phillip commented Oct 21, 2025

Linking both backend fixes:

aalves08
aalves08 previously approved these changes Oct 21, 2025
View reviewed changes
Copy link
Member

@aalves08 aalves08 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@rak-phillip rak-phillip mentioned this pull request Nov 12, 2025
Merged
9 tasks
aalves08
aalves08 approved these changes Nov 19, 2025
View reviewed changes
Copy link
Member

@aalves08 aalves08 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@rak-phillip rak-phillip merged commit 5b44ee9 into rancher:master Nov 19, 2025
60 of 61 checks passed
@richard-cox richard-cox mentioned this pull request Nov 19, 2025
Open
@rancher-ui-project-bot rancher-ui-project-bot bot mentioned this pull request Nov 21, 2025
Closed
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aalves08 aalves08 aalves08 approved these changes

@pmatseykanets pmatseykanets Awaiting requested review from pmatseykanets

Assignees

@rak-phillip rak-phillip

Labels

None yet

Projects

None yet

Milestone

v2.14.0

Development

Successfully merging this pull request may close these issues.

4 participants

@rak-phillip @aalves08 @richard-cox @pmatseykanets