small-hack · jessebot · Aug 30, 2023 · Aug 30, 2023
diff --git a/charts/vouch/Chart.yaml b/charts/vouch/Chart.yaml
@@ -17,7 +17,7 @@ keywords:
   - sso
   - sso-login
 
-version: 4.1.1
+version: 4.1.2
 
 # renovate: image=quay.io/vouch/vouch-proxy
 appVersion: "0.39"

diff --git a/charts/vouch/README.md b/charts/vouch/README.md
@@ -1,6 +1,6 @@
 # vouch
 
-![Version: 4.1.1](https://img.shields.io/badge/Version-4.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.39](https://img.shields.io/badge/AppVersion-0.39-informational?style=flat-square)
+![Version: 4.1.2](https://img.shields.io/badge/Version-4.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.39](https://img.shields.io/badge/AppVersion-0.39-informational?style=flat-square)
 
 An SSO and OAuth login solution for nginx using the auth_request module.
 
@@ -27,6 +27,7 @@ An SSO and OAuth login solution for nginx using the auth_request module.
 | config.oauth.callbackUrls | list | `[]` | valid callback urls to use, example https://vouch.example.com/auth |
 | config.oauth.clientId | string | `""` | clientID from  your provider |
 | config.oauth.clientSecret | string | `""` | clientSecret from your provider |
+| config.oauth.endSessionEndpoint | string | `""` | end session endpoint is usually the IdP's logout URL |
 | config.oauth.existingSecret | string | `""` | existingSecret for clientId, clientSecret, authUrl, tokenUrl, userInfoUrl, scopes, callbackUrls, and preferredDomain. If this value is not empty, we will ignore all of those plain text values and only use your secret keys |
 | config.oauth.preferredDomain | string | `""` | preferred domain |
 | config.oauth.provider | string | `""` | oauth2 provider, such as keycloak |
@@ -35,6 +36,7 @@ An SSO and OAuth login solution for nginx using the auth_request module.
 | config.oauth.secretKeys.callbackUrls | string | `"callbackUrls"` | secret key in oauth.existingSecret for commas seperated list of valid callback urls to use, example value for your key in your existing secert: 'https://vouch.example.com/auth,https://vouch.example.com/login' |
 | config.oauth.secretKeys.clientId | string | `"clientId"` | secret key in oauth.existingSecret for the clientID from your provider |
 | config.oauth.secretKeys.clientSecret | string | `"clientSecret"` | secret key in oauth.existingSecret for clientSecret from your provider |
+| config.oauth.secretKeys.endSessionEndpoint | string | `"endSessionEndpoint"` | secret key in oauth.existingSecret for your end session end_session_endpoint |
 | config.oauth.secretKeys.preferredDomain | string | `"preferredDomain"` | secret key in oauth.existingSecret for your preferred domain |
 | config.oauth.secretKeys.tokenUrl | string | `"tokenUrl"` | secret key in oauth.existingSecret for token url from your oidc provider |
 | config.oauth.secretKeys.userInfoUrl | string | `"userInfoUrl"` | secret key in oauth.existingSecret for userInfoUrl from your oidc provider |

diff --git a/charts/vouch/templates/deployment.yaml b/charts/vouch/templates/deployment.yaml
@@ -136,6 +136,13 @@ spec:
                   name: {{ template "vouch.oauth.secret.name" . }}
                   key: {{ .Values.config.oauth.secretKeys.callbackUrls }}
             {{- end }}
+            {{- if or .Values.config.oauth.endSessionEndpoint (and .Values.config.oauth.existingSecret .Values.config.oauth.secretKeys.endSessionEndpoint) }}
+            - name: OAUTH_END_SESSION_ENDPOINT
+              valueFrom:
+                secretKeyRef:
+                  name: {{ template "vouch.oauth.secret.name" . }}
+                  key: {{ .Values.config.oauth.secretKeys.endSessionEndpoint }}
+            {{- end }}
             {{- if .Values.config.oauth.scopes }}
             - name: OAUTH_SCOPES
               value: {{ join "," .Values.config.oauth.scopes }}

diff --git a/charts/vouch/templates/secret.yaml b/charts/vouch/templates/secret.yaml
@@ -22,6 +22,7 @@ data:
   tokenUrl: {{ .Values.config.oauth.tokenUrl | b64enc | quote }}
   userInfoUrl: {{ .Values.config.oauth.userInfoUrl | b64enc | quote }}
   callbackUrls: {{ join "," .Values.config.oauth.callbackUrls | b64enc | quote }}
+  endSessionEndpoint: {{ .Values.config.oauth.endSessionEndpoint | b64enc | quote }}
   preferredDomain: {{ .Values.config.oauth.preferredDomain | b64enc | quote }}
   {{- end }}
 {{- end }}
diff --git a/charts/vouch/values.yaml b/charts/vouch/values.yaml
@@ -165,6 +165,8 @@ config:
     userInfoUrl: ''
     # -- array of scopes to get from the provider e.g. [openid, email, profile]
     scopes: []
+    # -- end session endpoint is usually the IdP's logout URL
+    endSessionEndpoint: ""
     # -- valid callback urls to use, example https://vouch.example.com/auth
     callbackUrls: []
     # -- preferred domain
@@ -190,6 +192,8 @@ config:
       # callback urls to use, example value for your key in your existing secert:
       # 'https://vouch.example.com/auth,https://vouch.example.com/login'
       callbackUrls: 'callbackUrls'
+      # -- secret key in oauth.existingSecret for your end session end_session_endpoint
+      endSessionEndpoint: 'endSessionEndpoint'
       # -- secret key in oauth.existingSecret for your preferred domain
       preferredDomain: 'preferredDomain'