mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-15 20:38:00 +00:00
041af26917
# Which Problems Are Solved Currently ZITADEL supports RP-initiated logout for clients. Back-channel logout ensures that user sessions are terminated across all connected applications, even if the user closes their browser or loses connectivity providing a more secure alternative for certain use cases. # How the Problems Are Solved If the feature is activated and the client used for the authentication has a back_channel_logout_uri configured, a `session_logout.back_channel` will be registered. Once a user terminates their session, a (notification) handler will send a SET (form POST) to the registered uri containing a logout_token (with the user's ID and session ID). - A new feature "back_channel_logout" is added on system and instance level - A `back_channel_logout_uri` can be managed on OIDC applications - Added a `session_logout` aggregate to register and inform about sent `back_channel` notifications - Added a `SecurityEventToken` channel and `Form`message type in the notification handlers - Added `TriggeredAtOrigin` fields to `HumanSignedOut` and `TerminateSession` events for notification handling - Exported various functions and types in the `oidc` package to be able to reuse for token signing in the back_channel notifier. - To prevent that current existing session termination events will be handled, a setup step is added to set the `current_states` for the `projections.notifications_back_channel_logout` to the current position - [x] requires https://github.com/zitadel/oidc/pull/671 # Additional Changes - Updated all OTEL dependencies to v1.29.0, since OIDC already updated some of them to that version. - Single Session Termination feature is correctly checked (fixed feature mapping) # Additional Context - closes https://github.com/zitadel/zitadel/issues/8467 - TODO: - Documentation - UI to be done: https://github.com/zitadel/zitadel/issues/8469 --------- Co-authored-by: Hidde Wieringa <hidde@hiddewieringa.nl>
49 lines
1.6 KiB
Go
49 lines
1.6 KiB
Go
package view
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/zitadel/zitadel/internal/query"
|
|
"github.com/zitadel/zitadel/internal/user/repository/view"
|
|
"github.com/zitadel/zitadel/internal/user/repository/view/model"
|
|
)
|
|
|
|
const (
|
|
userSessionTable = "auth.user_sessions"
|
|
)
|
|
|
|
func (v *View) UserSessionByIDs(ctx context.Context, agentID, userID, instanceID string) (*model.UserSessionView, error) {
|
|
return view.UserSessionByIDs(ctx, v.client, agentID, userID, instanceID)
|
|
}
|
|
|
|
func (v *View) UserSessionsByAgentID(ctx context.Context, agentID, instanceID string) ([]*model.UserSessionView, error) {
|
|
return view.UserSessionsByAgentID(ctx, v.client, agentID, instanceID)
|
|
}
|
|
|
|
func (v *View) UserAgentIDBySessionID(ctx context.Context, sessionID, instanceID string) (string, error) {
|
|
return view.UserAgentIDBySessionID(ctx, v.client, sessionID, instanceID)
|
|
}
|
|
|
|
func (v *View) ActiveUserSessionsBySessionID(ctx context.Context, sessionID, instanceID string) (userAgentID string, sessions map[string]string, err error) {
|
|
return view.ActiveUserSessionsBySessionID(ctx, v.client, sessionID, instanceID)
|
|
}
|
|
|
|
func (v *View) GetLatestUserSessionSequence(ctx context.Context, instanceID string) (_ *query.CurrentState, err error) {
|
|
q := &query.CurrentStateSearchQueries{
|
|
Queries: make([]query.SearchQuery, 2),
|
|
}
|
|
q.Queries[0], err = query.NewCurrentStatesInstanceIDSearchQuery(instanceID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
q.Queries[1], err = query.NewCurrentStatesProjectionSearchQuery(userSessionTable)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
states, err := v.query.SearchCurrentStates(ctx, q)
|
|
if err != nil || states.SearchResponse.Count == 0 {
|
|
return nil, err
|
|
}
|
|
return states.CurrentStates[0], nil
|
|
}
|