vikunja/pkg/modules/auth/openid
kolaente 6f4a21ddad fix(auth): read cached provider for OIDC logout so it never blocks on discovery
BuildEndSessionURL called GetProvider, which unconditionally runs
setOicdProvider -> oidc.NewProvider, a live HTTP GET of the OP's
discovery document (with RetryWithBackoff). On every logout this is an
unnecessary round-trip, and when the OP is unreachable the retries make
/user/logout hang, defeating the "logout stays responsive" guarantee.

The logout path only needs static fields already cached on the provider
(EndSessionURL/LogoutURL/ClientID); it never touches the live
openIDProvider/Oauth2Config. Add a cache-only getCachedProvider accessor
(GetProvider without the trailing setOicdProvider) and have
BuildEndSessionURL use it.

Login/callback keep using GetProvider: token exchange and ID-token
verification legitimately need the live-provider rehydration.
2026-06-19 17:52:45 +02:00
..
cron.go fix: add missing Commit() to write callers 2026-02-25 11:03:02 +01:00
logout.go fix(auth): read cached provider for OIDC logout so it never blocks on discovery 2026-06-19 17:52:45 +02:00
logout_test.go fix(auth): read cached provider for OIDC logout so it never blocks on discovery 2026-06-19 17:52:45 +02:00
main_test.go feat: move to slog for logging 2025-07-21 18:15:39 +02:00
openid.go fix(auth): cache OIDC end-session endpoint at init so logout never blocks on discovery 2026-06-19 17:23:32 +02:00
openid_test.go test(auth): add failing unit tests for OIDC TOTP enforcement 2026-04-09 17:25:47 +00:00
providers.go fix(auth): read cached provider for OIDC logout so it never blocks on discovery 2026-06-19 17:52:45 +02:00
providers_test.go test(auth): cover env-var string booleans for oidc providers (#2599) 2026-04-11 19:10:26 +00:00