From e25ca7ab9af5f50243e59b35e3ae50828bbcc46b Mon Sep 17 00:00:00 2001
From: kolaente
Date: Sat, 27 Jun 2026 16:02:57 +0200
Subject: [PATCH] fix: don't re-login after logout when OIDC auto-redirect is enabled
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Set the just-logged-out flag before navigating, and skip the intermediate router.push to login when redirecting to the IdP — otherwise Login.vue's onBeforeMount consumed the flag before the logout round-trip landed, so the single-provider auto-redirect fired and logged the user straight back in. redirectToProviderOnLogout now reports whether it navigated, so logout can fall through to the login page when there's no static logout URL.
---
 frontend/src/helpers/redirectToProvider.ts | 4 +++-
 frontend/src/stores/auth.ts | 12 ++++++++----
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/frontend/src/helpers/redirectToProvider.ts b/frontend/src/helpers/redirectToProvider.ts
index 1b7513fda..df2031ec3 100644
--- a/frontend/src/helpers/redirectToProvider.ts
+++ b/frontend/src/helpers/redirectToProvider.ts
@@ -24,8 +24,10 @@ export const redirectToProvider = (provider: IProvider) => {
 window.location.href = `${provider.authUrl}?client_id=${provider.clientId}&redirect_uri=${redirectUrl}&response_type=code&scope=${scope}&state=${state}`
 }
-export const redirectToProviderOnLogout = (provider: IProvider) => {
+export const redirectToProviderOnLogout = (provider: IProvider): boolean => {
 if (provider.logoutUrl.length > 0) {
 window.location.href = `${provider.logoutUrl}`
+ return true
 }
+ return false
 }
diff --git a/frontend/src/stores/auth.ts b/frontend/src/stores/auth.ts
index 14e93d2c5..a148316a7 100644
--- a/frontend/src/stores/auth.ts
+++ b/frontend/src/stores/auth.ts
@@ -562,21 +562,25 @@ export const useAuthStore = defineStore('auth', () => {
 const loggedInVia = getLoggedInVia()
 window.localStorage.clear() // Clear all settings and history we might have saved in local storage.
 lastUserInfoRefresh.value = null
- await router.push({name: 'user.login'})
- await checkAuth()
 sessionStorage.setItem(JUST_LOGGED_OUT_KEY, 'true')
 // Redirect to the OIDC provider to end its session too. Prefer the
 // server-built RP-Initiated Logout URL, falling back to the static one.
+ // These full-page redirects return the user to the login page, so we
+ // must not router.push there first — that would consume
+ // JUST_LOGGED_OUT_KEY before the round-trip lands.
 if (oidcLogoutUrl) {
 window.location.href = oidcLogoutUrl
 return
 }
 const fullProvider: IProvider|undefined = configStore.auth.openidConnect.providers?.find((p: IProvider) => p.key === loggedInVia)
- if (fullProvider) {
- redirectToProviderOnLogout(fullProvider)
+ if (fullProvider && redirectToProviderOnLogout(fullProvider)) {
+ return
 }
+
+ await router.push({name: 'user.login'})
+ await checkAuth()
 }
 return {
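Review bot: Both early-return paths, `if (oidcLogoutUrl)` and `if (fullProvider && redirectToProviderOnLogout(fullProvider))`, now leave the function without ever calling `checkAuth()`, which the old code always ran before any IdP redirect. What `checkAuth()` does is not visible here, but if it resets the store's in-memory authenticated state, that state now survives until the page unloads. The UI could then keep presenting the user as signed in if the navigation is blocked or the page is later restored from the back/forward cache. If `checkAuth()` does not itself navigate to the login route, consider adding `await checkAuth()` just before `window.location.href = oidcLogoutUrl` and before the provider fallback. Otherwise extend the new comment with something like `// checkAuth() is skipped on purpose here: <reason>`. The enclosing logout function starts above this hunk, so how `oidcLogoutUrl` is obtained cannot be checked from here.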