Django Azure Logout Session
Is there any formal way to log out of both Django + Azure AD B2C Session?
Clicking "Logout" redirects to the default logout page.
After that, clicking "log back in" or simply entering the home page in the url takes the user right back to the home page because the Azure session is not actually ended.
Using django-oidc-provider + mozilla-django-oidc packages.
Azure App Config Front Channel URL: https://my-site:myport/admin/logout
Settings.py
OIDC_SESSION_MANAGEMENT_ENABLE = True
OIDC_UNAUTHENTICATED_SESSION_MANAGEMENT_KEY = 'test'
OIDC_OP_LOGOUT_URL_METHOD = "testmodule.auth.logout"
logout function
def logout(request):
print("custom logout request reached") **# Never Reached**
# I'm not sure if this is the correct token to be accessing
id_token = str(request.COOKIES['csrftoken'])
id_token_hint = f'id_token_hint={id_token}'
redirect_url = "https://login.windows.net/my-tenant-id/oauth2/v2/logout?"
redirect_url = redirect_url + id_token_hint + "&post_logout_redirect_uri=" + request.build_absolute_uri("/admin/logout/")
print(f'redirect_url: {redirect_url}')
return redirect_url
urls.py
class LogoutView(OIDCLogoutView):
print("LogoutView Reached")
def get(self, request):
print("Get Call") **# Never Reached**
return self.post(request)
def post(self, request):
print("Post Call") **# Never Reached**
"""Log out the user."""
logout_url = self.redirect_url
#if request.user.is_authenticated:
print("Reached Authenticated") **# Never Reached**
# Check if a method exists to build the URL to log out the user
# from the OP.
logout_from_op = self.get_settings('OIDC_OP_LOGOUT_URL_METHOD', '')
if logout_from_op:
logout_url = import_string(logout_from_op)(request)
# Log out the Django user if they were logged in.
auth.logout(request)
return HttpResponseRedirect(logout_url)
url_patterns = [
...
path('admin/logout/', LogoutView.as_view(), name='logout'),
...
]