Problem
The default IDP configuration in services/idp/pkg/config/defaults/defaultconfig.go doesn't include post_logout_redirect_uris for iOS and Android clients. This creates issues with the logout process in mobile applications, as they can't properly redirect after logout.
Two key issues exist:
- The
Client struct in the OpenCloud IDP configuration doesn't include a PostLogoutRedirectURIs field, even though the underlying libregraph/lico library supports it:
// Current Client struct in services/idp/pkg/config/config.go
type Client struct {
ID string `yaml:"id"`
Name string `yaml:"name"`
Trusted bool `yaml:"trusted"`
Secret string `yaml:"secret"`
RedirectURIs []string `yaml:"redirect_uris"`
Origins []string `yaml:"origins"`
ApplicationType string `yaml:"application_type"`
}
- The mobile clients are defined without post_logout_redirect_uris in the default configuration:
{
ID: "OpenCloudAndroid",
Name: "OpenCloud Android App",
ApplicationType: "native",
RedirectURIs: []string{
"oc://android.opencloud.eu",
},
},
{
ID: "OpenCloudIOS",
Name: "OpenCloud iOS App",
ApplicationType: "native",
RedirectURIs: []string{
"oc://ios.opencloud.eu",
},
},
Expected Behavior
The Client struct should include a PostLogoutRedirectURIs field to match the underlying library capability:
type Client struct {
ID string `yaml:"id"`
Name string `yaml:"name"`
Trusted bool `yaml:"trusted"`
Secret string `yaml:"secret"`
RedirectURIs []string `yaml:"redirect_uris"`
PostLogoutRedirectURIs []string `yaml:"post_logout_redirect_uris"`
Origins []string `yaml:"origins"`
ApplicationType string `yaml:"application_type"`
}
And the mobile clients should have post_logout_redirect_uris defined in the default configuration:
{
ID: "OpenCloudAndroid",
Name: "OpenCloud Android App",
ApplicationType: "native",
Trusted: true,
RedirectURIs: []string{
"oc://android.opencloud.eu",
},
PostLogoutRedirectURIs: []string{
"oc://android.opencloud.eu",
},
},
Current Workarounds
Currently, administrators need to manually configure a custom IDP configuration file (YAML) and mount it into the container or place it in the appropriate location on the server.
It's important to note that this cannot be configured via environment variables in the current implementation because the Client struct lacks the necessary field and corresponding env tag.
Note
This issue might become obsolete once issue #355 (Switch to Authelia as the embedded IDP) is implemented, as it would replace the current IDP implementation. However, until then, this remains a configuration limitation that affects mobile app logout flows.
Problem
The default IDP configuration in
services/idp/pkg/config/defaults/defaultconfig.godoesn't includepost_logout_redirect_urisfor iOS and Android clients. This creates issues with the logout process in mobile applications, as they can't properly redirect after logout.Two key issues exist:
Clientstruct in the OpenCloud IDP configuration doesn't include aPostLogoutRedirectURIsfield, even though the underlying libregraph/lico library supports it:{ ID: "OpenCloudAndroid", Name: "OpenCloud Android App", ApplicationType: "native", RedirectURIs: []string{ "oc://android.opencloud.eu", }, }, { ID: "OpenCloudIOS", Name: "OpenCloud iOS App", ApplicationType: "native", RedirectURIs: []string{ "oc://ios.opencloud.eu", }, },Expected Behavior
The
Clientstruct should include aPostLogoutRedirectURIsfield to match the underlying library capability:And the mobile clients should have post_logout_redirect_uris defined in the default configuration:
{ ID: "OpenCloudAndroid", Name: "OpenCloud Android App", ApplicationType: "native", Trusted: true, RedirectURIs: []string{ "oc://android.opencloud.eu", }, PostLogoutRedirectURIs: []string{ "oc://android.opencloud.eu", }, },Current Workarounds
Currently, administrators need to manually configure a custom IDP configuration file (YAML) and mount it into the container or place it in the appropriate location on the server.
It's important to note that this cannot be configured via environment variables in the current implementation because the
Clientstruct lacks the necessary field and corresponding env tag.Note
This issue might become obsolete once issue #355 (Switch to Authelia as the embedded IDP) is implemented, as it would replace the current IDP implementation. However, until then, this remains a configuration limitation that affects mobile app logout flows.