alopresto commented on a change in pull request #4593:
URL: https://github.com/apache/nifi/pull/4593#discussion_r509461400
##########
File path:
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java
##########
@@ -851,6 +1086,47 @@ private void forwardToMessagePage(final
HttpServletRequest httpServletRequest, f
uiContext.getRequestDispatcher("/WEB-INF/pages/message-page.jsp").forward(httpServletRequest,
httpServletResponse);
}
+ private String determineLogoutMethod(String oidcDiscoveryUrl) {
+ Matcher accessTokenMatcher =
REVOKE_ACCESS_TOKEN_LOGOUT_FORMAT.matcher(oidcDiscoveryUrl);
+ Matcher idTokenMatcher =
ID_TOKEN_LOGOUT_FORMAT.matcher(oidcDiscoveryUrl);
+
+ if (accessTokenMatcher.find()) {
+ return REVOKE_ACCESS_TOKEN_LOGOUT;
+ } else if (idTokenMatcher.find()) {
+ return ID_TOKEN_LOGOUT;
+ } else {
+ return STANDARD_LOGOUT;
+ }
+ }
+
+ private URI oidcRequestAuthorizationCode(@Context HttpServletResponse
httpServletResponse, String callback) {
+
+ final String oidcRequestIdentifier = UUID.randomUUID().toString();
+
+ // generate a cookie to associate this login sequence
+ final Cookie cookie = new Cookie(OIDC_REQUEST_IDENTIFIER,
oidcRequestIdentifier);
Review comment:
Is the cookie generation required for OIDC providers? Usually we use a
token in the URL or HTTP header to associate requests rather than cookies.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
