Merge pull request #7678 from ZaibanAli/feature/keycloak-terminate-sso-session

feat: implement OAuth logout functionality for keyclock to terminate sso session
2025-12-16 11:57:51 +01:00 · 2024-12-09 16:26:10 -08:00
parent d4d6d1e7db a3ca632921
commit 8718067894
2 changed files with 40 additions and 3 deletions
--- a/backend/open_webui/utils/oauth.py
+++ b/backend/open_webui/utils/oauth.py
@@ -253,9 +253,18 @@ class OAuthManager:
            secure=WEBUI_SESSION_COOKIE_SECURE,
        )

+        if ENABLE_OAUTH_SIGNUP.value:
+            oauth_id_token = token.get("id_token")
+            response.set_cookie(
+                key="oauth_id_token",
+                value=oauth_id_token,
+                httponly=True,
+                samesite=WEBUI_SESSION_COOKIE_SAME_SITE,
+                secure=WEBUI_SESSION_COOKIE_SECURE,
+            )
        # Redirect back to the frontend with the JWT token
        redirect_url = f"{request.base_url}auth#token={jwt_token}"
-        return RedirectResponse(url=redirect_url)
+        return RedirectResponse(url=redirect_url, headers=response.headers)


 oauth_manager = OAuthManager()