Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No Logout Configuration #32

Open
SamuelBradley opened this issue Aug 28, 2019 · 5 comments
Open

No Logout Configuration #32

SamuelBradley opened this issue Aug 28, 2019 · 5 comments

Comments

@SamuelBradley
Copy link

There doesn't seem to be any way to configure the api call that gets made on logout so ckan isn't actually logging me out of my account i.e. when i press logout and then login I am not prompted to login again.
@aitormagan
Copy link
Contributor

aitormagan commented Aug 28, 2019 via email

@pazepaze
Copy link

pazepaze commented Jul 3, 2020

In my (private) fork I solved this issue for keycloak. Since OAuth2Plugin already implements IAuthenticator, if a logout() function is added to this class, it will be called on logout. The username can be retrieved using repoze.who. With the stored token for this username, the logout on keycloak can be called with a library like "python-keycloak" or "python-keycloak-client".

@marcyborg
Copy link

@aitormagan so in CKAN native there isn't a method that could handle this kind of issue?

@pazepaze is that implementation visible on your repo? I don't use Keycloak unfortunately, perhaps could be useful have a look at it.

Thanks for your attention.

@pazepaze
Copy link

pazepaze commented Mar 10, 2021
edited

Sure, that's how I did it:

in plugin.py

class OAuth2Plugin(plugins.SingletonPlugin):
...

    def logout(self):
        user_name = None
        environ = toolkit.request.environ
        if 'repoze.who.identity' in environ:
            user_name = environ['repoze.who.identity']['repoze.who.userid']

        log.debug('Trying to logout user %s in keycloak...' % user_name)
        stored_token = self.oauth2helper.get_stored_token(user_name)
        if stored_token:
            try:
                self.keycloak_openid.logout(stored_token['refresh_token'])
            except Exception:
                log.warn('Failed to logout user %s in keycloak!' % user_name)
        else:
            log.warn('No token stored for user %s' % user_name)

...

keycloak_openid is just the keycloak client instance from the python-keycloak library

@sanamart
Copy link

sanamart commented Aug 4, 2021
edited

Hi @pazepaze , i just have a question. I tried to use your code and i have installed $ pip install python-keycloak but when i run my container i keep getting the same error:

from keycloak import KeycloakOpenID ImportError: No module named keycloak

Any ideas why this is happening?

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@aitormagan @SamuelBradley @marcyborg @pazepaze @sanamart