groove/audiobookshelf
1
0
Fork 0
mirror of https://github.com/advplyr/audiobookshelf.git synced 2026-03-01 05:29:41 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Add OIDC Back-Channel Logout support

Browse source 
Implement OIDC Back-Channel Logout 1.0 (RFC). When enabled, the IdP can
POST a signed logout_token JWT to invalidate user sessions server-side.

- Add BackchannelLogoutHandler: JWT verification via jose, jti replay
  protection with bounded cache, session destruction by sub or sid
- Add oidcSessionId column to sessions table with index for fast lookups
- Add backchannel logout route (POST /auth/openid/backchannel-logout)
- Notify connected clients via socket to redirect to login page
- Add authOpenIDBackchannelLogoutEnabled toggle in schema-driven settings UI
- Migration v2.34.0 adds oidcSessionId column and index
- Polish settings UI: auto-populate loading state, subfolder dropdown
  options, KeyValueEditor fixes, localized descriptions via descriptionKey,
  duplicate key detection, success/error toasts
- Localize backchannel logout toast (ToastSessionEndedByProvider)
- OidcAuthStrategy tests now use real class via require-cache stubbing
This commit is contained in:
Denis Arnst 2026-02-05 17:55:10 +01:00
parent 33bee70a12
commit 073eff74ef
No known key found for this signature in database
GPG key ID: D5866C58940197BF
16 changed files with 886 additions and 104 deletions
Download patch file Download diff file Expand all files Collapse all files

17
server/models/Session.js
View file

@ -20,6 +20,8 @@ class Session extends Model {
this.expiresAt
/** @type {string} */
this.oidcIdToken
/** @type {string} */
this.oidcSessionId
// Expanded properties
@ -27,8 +29,8 @@ class Session extends Model {
this.user
}
static async createSession(userId, ipAddress, userAgent, refreshToken, expiresAt, oidcIdToken = null) {
const session = await Session.create({ userId, ipAddress, userAgent, refreshToken, expiresAt, oidcIdToken })
static async createSession(userId, ipAddress, userAgent, refreshToken, expiresAt, oidcIdToken = null, oidcSessionId = null) {
const session = await Session.create({ userId, ipAddress, userAgent, refreshToken, expiresAt, oidcIdToken, oidcSessionId })
return session
}
@ -69,11 +71,18 @@ class Session extends Model {
type: DataTypes.DATE,
allowNull: false
},
oidcIdToken: DataTypes.TEXT
oidcIdToken: DataTypes.TEXT,
oidcSessionId: DataTypes.STRING
},
{
sequelize,
modelName: 'session'
modelName: 'session',
indexes: [
{
name: 'sessions_oidc_session_id',
fields: ['oidcSessionId']
}
]
}
)