From f03841d53ad301572dbb040b0c7b7e2a5e324f2e Mon Sep 17 00:00:00 2001
From: Jan-Hendrik Willms <tleilax+studip@gmail.com>
Date: Wed, 4 Sep 2024 09:48:56 +0000
Subject: [PATCH] add option to perform an oauth2 specific logout, re #4482, re
 #3624

Merge request studip/studip!3366
---
 config/config_defaults.inc.php                |  1 +
 lib/classes/auth_plugins/StudipAuthOAuth2.php | 13 +++++++++++++
 2 files changed, 14 insertions(+)

diff --git a/config/config_defaults.inc.php b/config/config_defaults.inc.php
index d0f7d69acc1..2f83fefc583 100644
--- a/config/config_defaults.inc.php
+++ b/config/config_defaults.inc.php
@@ -307,6 +307,7 @@ $STUDIP_AUTH_CONFIG_OAUTH2 = [
     'client_id'                  => '',
     'client_secret'              => '',
     'redirect_uri'               => '',
+    'logout_url'                 => '',
 
     'url_authorize'              => '',
     'url_access_token'           => '',
diff --git a/lib/classes/auth_plugins/StudipAuthOAuth2.php b/lib/classes/auth_plugins/StudipAuthOAuth2.php
index aa9077633e8..98ee90bed6d 100644
--- a/lib/classes/auth_plugins/StudipAuthOAuth2.php
+++ b/lib/classes/auth_plugins/StudipAuthOAuth2.php
@@ -18,6 +18,8 @@ final class StudipAuthOAuth2 extends StudipAuthSSO
     protected string $url_access_token;
     protected string $url_resource_owner_details;
 
+    protected ?string $logout_url = null;
+
     private GenericProvider $oauth2_provider;
 
     private ?array $user_data = null;
@@ -110,4 +112,15 @@ final class StudipAuthOAuth2 extends StudipAuthSSO
     {
         return $this->user_data_mapping['map_args']['auth_user_md5.username'] ?? 'nickname';
     }
+
+    /**
+     * Perform logout if a logout url has been configured
+     */
+    public function logout(): void
+    {
+        if (!empty($this->logout_url)) {
+            header('Location: ' . $this->logout_url);
+            exit();
+        }
+    }
 }
-- 
GitLab