-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix registration of backchannel logout route #43000
Fix registration of backchannel logout route #43000
Conversation
Currently the backchannel logout route is registered with the root-path, resulting in a path like this: ``/backend/backend/back-channel-logout`` instead of ``/backend/back-channel-logout`` See also #42990
Thanks @AB-xdev, I'll look now at confirming with the test that this route is accessible with the root path configured, I avoided it previous time trying to minimize impact on all the surrounding tests in the test suite, but I'll isolate it now to a dedicated test |
What that is about ? And how is it relevant to the issue at hand ? |
I think it was just a gripe about our contributing guide being too long :). That's actually very accurate and we started some work to have a smaller first contribution guide. Looks like I need to get back to it :). |
I'm starting looking at adding a back channel test with the http root set |
After spending a lot of time trying to add a dedicated test in |
c8a7a4f
to
d58dc45
Compare
Hi @gsmet @cescoffier I added a test. FYI, if I the route path is relative, example, Only having both It also took me a bit of time to realize RestAuured integration will prepend the root path itself for non-absolute URLs :-) |
d58dc45
to
9f32092
Compare
9f32092
to
2288830
Compare
Why do you need to repeat the root path? Is the route registered correctly? |
@@ -46,7 +46,7 @@ public void setup(@Observes Router router) { | |||
|
|||
private void addRoute(Router router, OidcTenantConfig oidcTenantConfig) { | |||
if (oidcTenantConfig.isTenantEnabled() && oidcTenantConfig.logout.backchannel.path.isPresent()) { | |||
router.route(getRootPath() + oidcTenantConfig.logout.backchannel.path.get()) | |||
router.route(oidcTenantConfig.logout.backchannel.path.get()) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Who is calling this method? Which router is it? Why it's not a route registered in the processor?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @cescoffier
Who is calling this method?
It is called from just above from setup(@Observes Router router)
, here.
Which router is it?
The main application one, since it works when accessed from the tests and for example, from Keycloak.
Why it's not a route registered in the processor?
Do you mean the recorder, similar to how it is done WebAuthnRecorder ?
I don't recall now, probably I did not know how to do it at a time, and chose setup(@Observers Router router)
, or may be because the way it is done now is easier to handle in a multi-tenant setup. I can certainly rework it and move the registration to the recorder. I guess, to have this PR backportable, I should do it as a follow up PR a bit later, does it sound reasonable ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, please let's try to get the simple version of this PR verified, tested and merged.
I need a backportable fix very soon.
Status for workflow
|
Do you mean why the route was registered with the explicit root path ? It was a mistake, the PR from @AB-xdev fixes it, or do you mean something else ? |
Ok, so it's an applicatoin router receiving the application router. For sure you must not prefix the root path. I think we would need to switch to a route declared in the extension instead of this, but as you said, for backport reason, let's go with this. |
Sure, @cescoffier, I'll open a follow up request, it might take a bit of time to handle that, but I'll optimize, thanks. By the way, |
Merging now, @AB-xdev, thanks again for initiating this PR 👍 , we look forward for more :-) |
Disclaimer I couldn't build it locally / had no time to setup the 22 DIN A4 pages of the contribution guide ;)
logout.backchannel.path
fails whenhttp.root-path
is present - Again #42990