@lovasoa lovasoa commented Jan 8, 2026

Fixes OIDC logout redirect URI to use the configured application scheme, resolving incorrect redirects behind proxies.

Previously, the post_logout_redirect_uri was constructed using the scheme of the incoming request, which could be HTTP even if the application was configured for HTTPS (e.g., when behind a TLS-terminating proxy). This led to the OIDC provider redirecting back to an insecure HTTP URL after logout, causing issues like those described in #1174. This change ensures the post_logout_redirect_uri is derived from the OIDC client's configured redirect URL, maintaining the correct scheme and host. A new test case test_oidc_logout_uses_correct_scheme has been added to verify this behavior.
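The difference described above, as an added example that is not code from this pull request or from SQLPage: one function builds the logout return URL from the incoming request, the other from the configured OIDC redirect URL. All function names, the host and the callback path are hypothetical, constructed values.

```rust
// Added illustration; names and values are hypothetical, not SQLPage's API.

/// Return "scheme://host[:port]" of an absolute URL, or None if it has no
/// usable authority (missing scheme, empty host, or embedded userinfo).
fn origin_of(url: &str) -> Option<&str> {
    let scheme_end = url.find("://")?;
    let authority_start = scheme_end + 3;
    let rest = &url[authority_start..];
    let authority_len = rest
        .find(|c: char| c == '/' || c == '?' || c == '#')
        .unwrap_or(rest.len());
    let authority = &rest[..authority_len];
    if scheme_end == 0 || authority.is_empty() || authority.contains('@') {
        return None;
    }
    Some(&url[..authority_start + authority_len])
}

/// Before: scheme and host come from the incoming request. Behind a
/// TLS-terminating proxy the application sees plain HTTP, so the URL handed
/// to the OIDC provider is an http:// one.
fn logout_uri_from_request(req_scheme: &str, req_host: &str, path: &str) -> String {
    format!("{}://{}{}", req_scheme, req_host, path)
}

/// After: scheme and host come from the configured OIDC redirect URL, so the
/// proxy hop cannot downgrade the scheme.
fn logout_uri_from_config(configured_redirect_url: &str, path: &str) -> Option<String> {
    // Accept only a local absolute path so the result stays on the configured origin.
    if !path.starts_with('/') || path.starts_with("//") {
        return None;
    }
    Some(format!("{}{}", origin_of(configured_redirect_url)?, path))
}

fn main() {
    // Constructed sample configuration and request values.
    let configured = "https://app.example.com/oidc/callback";
    let before = logout_uri_from_request("http", "app.example.com", "/");
    let after = logout_uri_from_config(configured, "/").expect("valid configuration");
    println!("before: {}\nafter:  {}", before, after);
}
```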



@lovasoa lovasoa force-pushed the cursor/oidc-logout-redirect-uri-cb05 branch from 72427de to d4f1671 Compare January 8, 2026 13:40
@lovasoa lovasoa linked an issue Jan 8, 2026 that may be closed by this pull request
This commit refactors the OIDC tests to use a more robust fake OIDC provider and improves the logout URL generation to correctly handle the scheme.

Fixes #1174
@lovasoa lovasoa force-pushed the cursor/oidc-logout-redirect-uri-cb05 branch from d4f1671 to 629087b Compare January 8, 2026 13:59
@lovasoa lovasoa marked this pull request as ready for review January 8, 2026 14:00
@lovasoa lovasoa merged commit 72eff80 into main Jan 8, 2026
10 checks passed

Development

Successfully merging this pull request may close these issues.

sqlpage.oidc_logout_url http instead https
