Add Keycloak integration for logout functionality and create login/logout HTML components

2025-02-22 20:55:14 -06:00
parent e7f1e6ae92
commit 301b036f3c
4 changed files with 179 additions and 0 deletions
--- a/cmd/start.go
+++ b/cmd/start.go
@ -19,6 +19,7 @@ package cmd
 import (
 	"log"
 	"net/http"
+	"net/url"

 	"context"

@ -80,6 +81,37 @@ var startCmd = &cobra.Command{
 		// Register handlers
 		httpRequestRouter.HandleFunc("/login", middleware.LoginHandler(authConfig))
 		httpRequestRouter.HandleFunc("/callback", middleware.CallbackHandler(authConfig))
+		// Update the logout handler to include Keycloak integration
+		httpRequestRouter.HandleFunc("/logout", func(w http.ResponseWriter, r *http.Request) {
+			// 1. Get session and immediately expire it
+			session, _ := authConfig.Store.Get(r, "auth-session")
+			session.Values["authenticated"] = false
+			session.Options.MaxAge = -1 // Immediate deletion
+			session.Save(r, w)
+
+			// 2. Keycloak logout parameters
+			keycloakLogoutURL, err := url.Parse(viper.GetString("issuer-url") + "/protocol/openid-connect/logout")
+			if err != nil {
+				log.Printf("Error parsing logout URL: %v", err)
+				http.Error(w, "Internal Server Error", http.StatusInternalServerError)
+				return
+			}
+
+			// 3. Build logout URL with post_logout_redirect_uri and id_token_hint
+			q := keycloakLogoutURL.Query()
+			q.Set("post_logout_redirect_uri", viper.GetString("redirect-url"))
+			q.Set("client_id", viper.GetString("client-id"))
+
+			// Retrieve ID token from session if available
+			if idToken, ok := session.Values["id_token"].(string); ok {
+				q.Set("id_token_hint", idToken)
+			}
+
+			keycloakLogoutURL.RawQuery = q.Encode()
+
+			// 4. Redirect to Keycloak for global session termination
+			http.Redirect(w, r, keycloakLogoutURL.String(), http.StatusFound)
+		})

 		// Update middleware stack
 		stack := middleware.CreateStack(