🐢

Author: quochuydev

app1/ui/components/ProfileImage.tsx

@@ -105,11 +105,11 @@ export default function ProfileImage(props: {
                     return_url: "https://app.example.local/app1",
                   });
 
-                  if (session?.idToken) {
-                    params.set("id_token_hint", session.idToken);
+                  if (session?.id) {
+                    params.set("session_id", session.id);
                   }
 
-                  window.location.href = `https://auth.example.local/auth/signout/zitadel?${params}`;
+                  window.location.href = `https://auth.example.local/auth/signout?${params}`;
                 }}
               >
                 Logout

app2/ui/Home.tsx

@@ -48,11 +48,11 @@ export default function Home() {
             return_url: "https://app.example.local/app2",
           });
 
-          if (sessions[0]?.idToken) {
-            params.set("id_token_hint", sessions[0].idToken);
+          if (sessions[0]?.id) {
+            params.set("session_id", sessions[0].id);
           }
 
-          window.location.href = `https://auth.example.local/auth/signout/portal?${params}`;
+          window.location.href = `https://auth.example.local/auth/signout/?${params}`;
         }}
       >
         Logout

auth/app/api/auth/callback/[provider]/route.ts

@@ -92,7 +92,7 @@ async function handler(
     await prisma.session.create({
       data: {
         authSession,
-        issuer: wellKnown.issuer,
+        providerId: provider,
         accessToken: result.access_token,
         tokenType: result.token_type,
         expiresIn: result.expires_in,

auth/app/api/auth/signout/[provider]/route.ts renamed to auth/app/api/auth/signout/route.ts

@@ -3,26 +3,28 @@ import { authSessionCookieName, returnUrlCookieName } from "@/lib/constant";
 import { setShortLiveCookie } from "@/lib/cookie";
 import { prisma } from "@/lib/prisma";
 import { getWellKnown } from "@/lib/zitadel";
-import { Prisma } from "@prisma/client";
 import { cookies } from "next/headers";
 import { NextRequest, NextResponse } from "next/server";
 
-export async function POST(
-  request: NextRequest,
-  { params }: { params: { provider: "portal" | "zitadel" } }
-) {
+export async function POST(request: NextRequest) {
   try {
     const body = (await request.json()) as {
       returnUrl?: string;
-      idTokenHint?: string;
-      clientId?: string;
-      postLogoutRedirectUri?: string;
-      state?: string;
+      sessionId?: string;
     };
-    const { returnUrl, idTokenHint, state } = body;
+    const { sessionId, returnUrl } = body;
 
-    const provider = params.provider;
-    if (!provider) throw new Error("provider not found");
+    const requestCookie = cookies();
+    const authSessionCookie = requestCookie.get(authSessionCookieName);
+
+    const session = await prisma.session.findFirst({
+      where: {
+        id: sessionId,
+        authSession: authSessionCookie?.value,
+      },
+    });
+    if (!session) throw new Error("session not found");
+    const provider = session.providerId as "portal" | "zitadel";
 
     const wellKnown = await getWellKnown(configuration[provider].issuer);
 
@@ -31,33 +33,22 @@ export async function POST(
       post_logout_redirect_uri: configuration.postLogoutRedirectUri,
     });
 
-    if (state) requestParams.set("state", state);
-    if (idTokenHint) requestParams.set("id_token_hint", idTokenHint);
-
-    const requestCookie = cookies();
-    const authSessionCookie = requestCookie.get(authSessionCookieName);
-
-    if (authSessionCookie?.value) {
-      const sessionWhereInput: Prisma.SessionWhereInput = {
-        authSession: authSessionCookie.value,
-      };
-
-      if (idTokenHint) {
-        sessionWhereInput.idToken = idTokenHint;
-      }
-
-      await prisma.session.updateMany({
-        where: sessionWhereInput,
-        data: {
-          deletedAt: new Date(),
-        },
-      });
+    if (session.idToken) {
+      requestParams.set("id_token_hint", session.idToken);
     }
 
+    await prisma.session.updateMany({
+      where: {
+        id: sessionId,
+      },
+      data: {
+        deletedAt: new Date(),
+      },
+    });
+
     if (returnUrl) setShortLiveCookie(returnUrlCookieName, returnUrl);
 
     const endSessionUrl = `${wellKnown.end_session_endpoint}?${requestParams}`;
-
     return NextResponse.json({ endSessionUrl });
   } catch (error: any) {
     return NextResponse.json(error.details || { message: error.message }, {

auth/app/api/v1/sessions/route.ts

@@ -43,7 +43,7 @@ export async function GET(request: NextRequest) {
         sessions: sessions.map((session) => ({
           id: session.id,
           authSession: session.authSession,
-          issuer: session.issuer,
+          providerId: session.providerId,
           tokenType: session.tokenType,
           accessToken: session.accessToken,
           expiresIn: session.expiresIn,

auth/app/auth/signout/[provider]/page.tsx

@@ -0,0 +1,17 @@
+import SignOut from "@/ui/SignOut";
+
+export default async function Page({
+  searchParams,
+}: {
+  searchParams: {
+    return_url?: string;
+    session_id?: string;
+  };
+}) {
+  return (
+    <SignOut
+      returnUrl={searchParams.return_url}
+      sessionId={searchParams.session_id}
+    />
+  );
+}

auth/app/auth/signout/page.tsx

@@ -2,7 +2,7 @@
 CREATE TABLE "Session" (
     "id" TEXT NOT NULL PRIMARY KEY,
     "authSession" TEXT NOT NULL,
-    "issuer" TEXT NOT NULL,
+    "providerId" TEXT NOT NULL,
     "accessToken" TEXT NOT NULL,
     "tokenType" TEXT NOT NULL,
     "expiresIn" INTEGER NOT NULL,

auth/prisma/dev.db

@@ -10,7 +10,7 @@ generator client {
 model Session {
     id           String    @id @default(uuid())
     authSession  String
-    issuer       String
+    providerId   String
     accessToken  String
     tokenType    String
     expiresIn    Int //miliseconds

auth/prisma/migrations/20240811150650_init/migration.sql renamed to auth/prisma/migrations/20240815055109_init/migration.sql

@@ -3,47 +3,25 @@ import { useEffect } from "react";
 import { useRouter } from "next/navigation";
 
 export default function SignOut(props: {
-  provider: string;
   returnUrl?: string;
-  idTokenHint?: string;
-  clientId?: string;
-  postLogoutRedirectUri?: string;
-  state?: string;
+  sessionId?: string;
 }) {
-  const {
-    provider,
-    returnUrl,
-    idTokenHint,
-    clientId,
-    postLogoutRedirectUri,
-    state,
-  } = props;
+  const { returnUrl, sessionId } = props;
   const router = useRouter();
 
   useEffect(() => {
-    fetch(`https://auth.example.local/api/auth/signout/${provider}`, {
+    fetch(`https://auth.example.local/api/auth/signout`, {
       method: "POST",
       body: JSON.stringify({
         returnUrl,
-        idTokenHint,
-        clientId,
-        postLogoutRedirectUri,
-        state,
+        sessionId,
       }),
     })
       .then((response) => response.json())
       .then(({ endSessionUrl }) => {
         if (endSessionUrl) router.replace(endSessionUrl);
       });
-  }, [
-    clientId,
-    idTokenHint,
-    postLogoutRedirectUri,
-    provider,
-    returnUrl,
-    router,
-    state,
-  ]);
+  }, [returnUrl, router, sessionId]);
 
   return <div>Loading...</div>;
 }