feat: back and front-channel can be enabled without sessionManagement

panva · Sep 26, 2018 · 8cb37ff · 8cb37ff
1 parent 9272525
commit 8cb37ff
Show file tree

Hide file tree

Showing 8 changed files with 28 additions and 47 deletions.
diff --git a/lib/actions/discovery.js b/lib/actions/discovery.js
@@ -90,20 +90,28 @@ module.exports = function discoveryAction(provider) {
       }
     }
 
+    if (
+      config.features.sessionManagement
+      || config.features.backchannelLogout
+      || config.features.frontchannelLogout
+    ) {
+      ctx.body.end_session_endpoint = ctx.oidc.urlFor('end_session');
+    }
+
     if (config.features.sessionManagement) {
       ctx.body.check_session_iframe = ctx.oidc.urlFor('check_session');
-      ctx.body.end_session_endpoint = ctx.oidc.urlFor('end_session');
+    }
 
-      if (config.features.backchannelLogout) {
-        ctx.body.backchannel_logout_supported = true;
-        ctx.body.backchannel_logout_session_supported = true;
-      }
+    if (config.features.backchannelLogout) {
+      ctx.body.backchannel_logout_supported = true;
+      ctx.body.backchannel_logout_session_supported = true;
+    }
 
-      if (config.features.frontchannelLogout) {
-        ctx.body.frontchannel_logout_supported = true;
-        ctx.body.frontchannel_logout_session_supported = true;
-      }
+    if (config.features.frontchannelLogout) {
+      ctx.body.frontchannel_logout_supported = true;
+      ctx.body.frontchannel_logout_session_supported = true;
     }
+
     if (config.features.deviceFlow) {
       ctx.body.device_authorization_endpoint = ctx.oidc.urlFor('device_authorization');
     }

diff --git a/lib/helpers/client_schema.js b/lib/helpers/client_schema.js
@@ -60,7 +60,7 @@ module.exports = function getSchema(provider) {
     RECOGNIZED_METADATA.push('revocation_endpoint_auth_signing_alg');
   }
 
-  if (features.sessionManagement) {
+  if (features.sessionManagement || features.backchannelLogout || features.frontchannelLogout) {
     RECOGNIZED_METADATA.push('post_logout_redirect_uris');
   }
 

diff --git a/lib/helpers/configuration.js b/lib/helpers/configuration.js
@@ -53,15 +53,6 @@ class Configuration {
       });
     }
 
-    if (!this.features.sessionManagement) {
-      if (this.features.backchannelLogout) {
-        throw new Error('backchannelLogout is only available in conjuction with sessionManagement');
-      }
-      if (this.features.frontchannelLogout) {
-        throw new Error('frontchannelLogout is only available in conjuction with sessionManagement');
-      }
-    }
-
     if (!this.features.introspection) {
       if (this.features.jwtIntrospection) {
         throw new Error('jwtIntrospection is only available in conjuction with introspection');

diff --git a/lib/helpers/initialize_app.js b/lib/helpers/initialize_app.js
@@ -157,7 +157,13 @@ module.exports = function initializeApp() {
     const checkSession = getCheckSession(this);
     get('check_session', routes.check_session, error(this, 'check_session.error'), checkSession.get);
     post('check_session_origin', routes.check_session, error(this, 'check_session_origin.error'), ...checkSession.post);
+  }
 
+  if (
+    configuration.features.sessionManagement
+    || configuration.features.backchannelLogout
+    || configuration.features.frontchannelLogout
+  ) {
     const endSession = getEndSession(this);
     get('end_session', routes.end_session, error(this, 'end_session.error'), ...endSession.get);
     post('end_session', routes.end_session, error(this, 'end_session.error'), ...endSession.post);

diff --git a/test/backchannel_logout/backchannel_logout.config.js b/test/backchannel_logout/backchannel_logout.config.js
@@ -2,7 +2,7 @@ const { clone } = require('lodash');
 
 const config = clone(require('../default.config'));
 
-config.features = { sessionManagement: true, backchannelLogout: true, alwaysIssueRefresh: true };
+config.features = { backchannelLogout: true, alwaysIssueRefresh: true };
 
 module.exports = {
   config,

diff --git a/test/backchannel_logout/backchannel_logout.test.js b/test/backchannel_logout/backchannel_logout.test.js
@@ -6,7 +6,6 @@ const base64url = require('base64url');
 const nock = require('nock');
 
 const bootstrap = require('../test_helper');
-const Provider = require('../../lib');
 
 describe('Back-Channel Logout 1.0', () => {
   before(bootstrap(__dirname));
@@ -17,18 +16,6 @@ describe('Back-Channel Logout 1.0', () => {
     if (client.backchannelLogout.restore) client.backchannelLogout.restore();
   });
 
-  describe('feature flag', () => {
-    it('checks sessionManagement is also enabled', () => {
-      expect(() => {
-        new Provider('http://localhost', { // eslint-disable-line no-new
-          features: {
-            backchannelLogout: true,
-          },
-        });
-      }).to.throw('backchannelLogout is only available in conjuction with sessionManagement');
-    });
-  });
-
   describe('Client#backchannelLogout', () => {
     it('triggers the call', async function () {
       const client = await this.provider.Client.find('client');
@@ -53,6 +40,7 @@ describe('Back-Channel Logout 1.0', () => {
     it('extends the well known config', function () {
       return this.agent.get('/.well-known/openid-configuration')
         .expect((response) => {
+          expect(response.body).to.have.property('end_session_endpoint');
           expect(response.body).to.have.property('backchannel_logout_supported', true);
           expect(response.body).to.have.property('backchannel_logout_session_supported', true);
         });

diff --git a/test/frontchannel_logout/frontchannel_logout.config.js b/test/frontchannel_logout/frontchannel_logout.config.js
@@ -2,7 +2,7 @@ const { clone } = require('lodash');
 
 const config = clone(require('../default.config'));
 
-config.features = { sessionManagement: true, frontchannelLogout: true, alwaysIssueRefresh: true };
+config.features = { frontchannelLogout: true, alwaysIssueRefresh: true };
 
 module.exports = {
   config,

diff --git a/test/frontchannel_logout/frontchannel_logout.test.js b/test/frontchannel_logout/frontchannel_logout.test.js
@@ -5,27 +5,15 @@ const { cloneDeep } = require('lodash');
 const base64url = require('base64url');
 
 const bootstrap = require('../test_helper');
-const Provider = require('../../lib');
 
 describe('Front-Channel Logout 1.0', () => {
   before(bootstrap(__dirname));
 
-  describe('feature flag', () => {
-    it('checks sessionManagement is also enabled', () => {
-      expect(() => {
-        new Provider('http://localhost', { // eslint-disable-line no-new
-          features: {
-            frontchannelLogout: true,
-          },
-        });
-      }).to.throw('frontchannelLogout is only available in conjuction with sessionManagement');
-    });
-  });
-
   describe('discovery', () => {
     it('extends the well known config', function () {
       return this.agent.get('/.well-known/openid-configuration')
         .expect((response) => {
+          expect(response.body).to.have.property('end_session_endpoint');
           expect(response.body).to.have.property('frontchannel_logout_supported', true);
           expect(response.body).to.have.property('frontchannel_logout_session_supported', true);
         });