mig5
January 15, 2025, 12:59am
1
Hi, it’s me again
I am running a self-hosted Taiga via Docker.
I need to modify the Logout action in the user’s dropdown nav so that after it performs authService.logout(), it redirects to a different URL instead of ‘discover’. (and an actual redirect, not just changing the location URL which is what seems to currently be the case)
I have been trying to add my own compiled coffee script as its own frontend plugin, but I’m not having luck. I’m not a frontend dev and this is my first time using Angular etc
Would any frontend Taiga devs be able to show me a simple example ?
I am already using an OIDC plugin that extends the Login interface to add an OIDC login button. I am trying to do the same sort of thing with the Logout option but I still need it to perform the native authService.logout() as seen here: taiga-front/app/modules/navigation-bar/dropdown-user/dropdown-user.directive.coffee at e032ca756e8bc48678bd18d8a4c992b6ae4f737e · taigaio/taiga-front · GitHub
mig5
January 15, 2025, 11:13pm
2
I was (once again) able to solve my problem and got some Angular code to work which reacts to the $auth:logout broadcast:
taigaio:master ← privat-eco:pe-call-logout-endpoint-before-login
I didn't want to force a logout when clicking Login, because the user might've a… lready been logged in at OIDC and so they should be seamlessly logged into this app too due to the existing session at the OP.
My solution was similar to the above (thank you very much for the Angular hints!), but different:
1) added this to the end of the existing coffee file
```
# Register the run block to handle 'auth:logout' events
module.run(['$rootScope', '$window', ($rootScope, $window) ->
$rootScope.$on('auth:logout', () ->
# Perform a full browser redirect to the logout URL
$window.location.href = '/api/oidc/logout/'
)
])
```
2) Ensured `OIDC_STORE_ID_TOKEN = True` in `config.py` (this makes mozilla django oidc library store the id_token in the session). See https://mozilla-django-oidc.readthedocs.io/en/stable/settings.html#OIDC_STORE_ID_TOKEN
3) Created a `provider_logout()` method in `oidc.py` that looked like this (your logout URL might look different depending on your OP):
```
[...]
from django.contrib.auth import logout
[...]
# See https://mozilla-django-oidc.readthedocs.io/en/stable/installation.html#log-user-out-of-the-openid-connect-provider
def provider_logout(request):
id_token = request.session.get("oidc_id_token")
redirect_url = f"https://your-op-provider.com/oauth2/sessions/logout?id_token_hint={id_token}&post_logout_redirect_uri=https://your-taiga-domain.com"
# End the session in Django.
logout(request)
return redirect_url
```
4) Set this in `config.py`:
```
# See https://mozilla-django-oidc.readthedocs.io/en/stable/settings.html#OIDC_OP_LOGOUT_URL_METHOD
ALLOW_LOGOUT_GET_METHOD = True
OIDC_OP_LOGOUT_URL_METHOD = 'taiga_contrib_oidc_auth.oidc.provider_logout'
```
Now requests to `/api/oidc/logout/` (note the trailing slash) trigger both the end of the django session and also redirect to the OP to end the login session at the OP. The user is fully logged out (and doesn't just get auto-logged in next time they step through the OIDC login flow)
