2571: Make endSessionUrl nullable

jekuaitk · jekuaitk · commit fa02ef8663b5 · 2024-10-09T10:03:58.000+02:00
diff --git a/src/Controller/AuthOidcController.php b/src/Controller/AuthOidcController.php
@@ -72,14 +72,23 @@ public function getUrls(Request $request, SessionInterface $session): Response
             $session->set('oauth2state', $state);
             $session->set('oauth2nonce', $nonce);
 
+
+            // We allow end session endpoint to not be set, by letting $endSessionUrl be null.
+            // This is handled in the admin by removing the logout button.
+            try {
+                $endSessionUrl = $provider->getEndSessionUrl();
+            } catch (ItkOpenIdConnectException $e) {
+                $endSessionUrl = null;
+            }
+
             $data = [
                 'authorizationUrl' => $provider->getAuthorizationUrl([
                     'state' => $state,
                     'nonce' => $nonce,
                     'response_type' => 'code',
                     'scope' => 'openid email profile',
                 ]),
-                'endSessionUrl' => $provider->getEndSessionUrl(),
+                'endSessionUrl' => $endSessionUrl,
             ];
 
             return new JsonResponse($data);
