letro/letro-authentication-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Track user session authenticated through upstream auth sessions

Browse Source 
This will help us avoid clearing upstream authorization sessions that
might still be useful to keep around for OIDC Backchannel Logouts
This commit is contained in:
Quentin Gliech
2026-01-21 12:18:38 +01:00
parent eb76e8d3ae
commit 63f02c4dea
8 changed files with 61 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
crates/handlers/src/upstream_oauth2/link.rs
View File

@@ -278,7 +278,7 @@ pub(crate) async fn get(
// user. Mark the session as consumed and renew the authentication.
let upstream_session = repo
.upstream_oauth_session()
.consume(&clock, upstream_session)
.consume(&clock, upstream_session, &session)
.await?;
repo.browser_session()
@@ -358,7 +358,7 @@ pub(crate) async fn get(
let upstream_session = repo
.upstream_oauth_session()
.consume(&clock, upstream_session)
.consume(&clock, upstream_session, &session)
.await?;
repo.browser_session()
@@ -697,7 +697,7 @@ pub(crate) async fn get(
let upstream_session = repo
.upstream_oauth_session()
.consume(&clock, upstream_session)
.consume(&clock, upstream_session, &session)
.await?;
repo.browser_session()
@@ -905,7 +905,7 @@ pub(crate) async fn post(
let upstream_session = repo
.upstream_oauth_session()
.consume(&clock, upstream_session)
.consume(&clock, upstream_session, &session)
.await?;
repo.browser_session()

2
crates/handlers/src/views/register/steps/finish.rs
View File

@@ -321,7 +321,7 @@ pub(crate) async fn get(
if let Some((upstream_session, upstream_link)) = upstream_oauth {
let upstream_session = repo
.upstream_oauth_session()
.consume(&clock, upstream_session)
.consume(&clock, upstream_session, &user_session)
.await?;
repo.upstream_oauth_link()