Merge pull request 'Refactored to deal with cookie hell' (#82 ) from payments into master

Reviewed-on: #82
Refactored to deal with cookie hell
2026-06-05 09:20:17 +02:00 · 2026-06-05 09:19:32 +02:00 · 2026-06-05 08:56:17 +02:00 · 2026-06-05 08:55:31 +02:00 · 2026-06-05 08:18:12 +02:00 · 2026-06-05 08:17:32 +02:00
1 changed files with 13 additions and 39 deletions
@@ -42,23 +42,13 @@ public static class Api
            options.Scope.Add("profile");
            options.Scope.Add("email");

-            options.Events = new OpenIdConnectEvents
-            {
-                OnRedirectToIdentityProvider = context =>
-                {
-                    if (!string.IsNullOrEmpty(context.ProtocolMessage.RedirectUri) && context.ProtocolMessage.RedirectUri.StartsWith("http://", StringComparison.OrdinalIgnoreCase))
-                    {
-                        var uriBuilder = new UriBuilder(context.ProtocolMessage.RedirectUri)
-                        {
-                            Scheme = "https"
-                        };
+            options.CorrelationCookie.SecurePolicy = CookieSecurePolicy.Always;
+            options.CorrelationCookie.SameSite = SameSiteMode.None;
+            options.CorrelationCookie.HttpOnly = true;

-                        context.ProtocolMessage.RedirectUri = uriBuilder.Uri.ToString();
-                    }
-
-                    return Task.CompletedTask;
-                },
-            };
+            options.NonceCookie.SecurePolicy = CookieSecurePolicy.Always;
+            options.NonceCookie.SameSite = SameSiteMode.None;
+            options.NonceCookie.HttpOnly = true;
        });

        return services;
@@ -105,36 +95,20 @@ public static class Api
        {
            await context.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties
            {
-                RedirectUri = redirectUri,
+                RedirectUri = redirectUri,                
            });
        });

        app.MapGet("/logout", async (HttpContext context, IHttpClientFactory httpClientFactory, IOptions<AuthentikSettings> settings) =>
        {
-            var authOptions = settings.Value;
-            var accessToken = await context.GetTokenAsync("access_token");
-
-            if (!string.IsNullOrEmpty(accessToken))
-            {
-                try
-                {
-                    var client = httpClientFactory.CreateClient();
-
-                    var requestContent = new FormUrlEncodedContent(new Dictionary<string, string>(StringComparer.Ordinal)
-                    {
-                        { "token", accessToken },
-                        { "client_id", authOptions.ClientId! },
-                        { "client_secret", authOptions.ClientSecret! },
-                    });
-
-                    await client.PostAsync(authOptions.RevokationEndpoint, requestContent, context.RequestAborted);
-                }
-                catch { }
-            }
-
            await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);

-            return Results.Redirect($"{authOptions.Authority}end-session/");
+            string currentBaseUrl = $"https://{context.Request.Host}{context.Request.PathBase}/";
+
+            await context.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties
+            {
+                RedirectUri = currentBaseUrl
+            });
        });

        return app;
Author	SHA1	Message	Date
khwezi	f001b02633	Merge pull request 'Refactored to deal with cookie hell' (#82 ) from payments into master Reviewed-on: #82	2026-06-05 09:20:17 +02:00
Khwezi Mngoma	90a11dc65e	Refactored to deal with cookie hell continuous-integration/drone/pr Build is passing Details	2026-06-05 09:19:32 +02:00
khwezi	de955a96a8	Merge pull request 'Removed login proto handling' (#81 ) from payments into master Reviewed-on: #81	2026-06-05 08:56:17 +02:00
Khwezi Mngoma	cdf5cfb5cd	Removed login proto handling continuous-integration/drone/pr Build is passing Details	2026-06-05 08:55:31 +02:00
khwezi	c4d3bb4cdf	Merge pull request 'Simplified login process' (#80 ) from payments into master Reviewed-on: #80	2026-06-05 08:18:12 +02:00
Khwezi Mngoma	65f102f18a	Simplified login process continuous-integration/drone/pr Build is passing Details	2026-06-05 08:17:32 +02:00
khwezi	cdc80db214	Merge pull request 'Refactored logout endpoint' (#79 ) from payments into master Reviewed-on: #79	2026-06-05 08:15:50 +02:00
Khwezi Mngoma	4576b5aa2b	Refactored logout endpoint continuous-integration/drone/pr Build is passing Details	2026-06-05 08:15:13 +02:00
khwezi	3847927ace	Merge pull request 'Added port stripping' (#78 ) from payments into master Reviewed-on: #78	2026-06-05 07:37:16 +02:00
Khwezi Mngoma	d38d1dd059	Added port stripping continuous-integration/drone/pr Build is passing Details	2026-06-05 07:36:41 +02:00