Add OPENID_CONNECT path logout variable (#6066)

Author: farhatahmad

app/controllers/api/v1/sessions_controller.rb

@@ -69,16 +69,17 @@ def create
       # Clears the session cookie and signs the user out
       def destroy
         id_token = session.delete(:oidc_id_token)
+        logout_path = ENV.fetch('OPENID_CONNECT_LOGOUT_PATH', '')
 
         # Make logout request to OIDC
-        if id_token.present? && external_auth?
+        if logout_path.present? && id_token.present? && external_auth?
           issuer_url = if ENV.fetch('LOADBALANCER_ENDPOINT', nil).present?
                          File.join(ENV.fetch('OPENID_CONNECT_ISSUER'), "/#{current_provider}")
                        else
                          ENV.fetch('OPENID_CONNECT_ISSUER')
                        end
 
-          end_session = File.join(issuer_url, 'protocol', 'openid-connect', 'logout')
+          end_session = File.join(issuer_url, logout_path)
 
           url = "#{end_session}?client_id=#{ENV.fetch('OPENID_CONNECT_CLIENT_ID', nil)}" \
                 "&id_token_hint=#{id_token}" \

sample.env

@@ -46,6 +46,7 @@ REDIS_URL=
 #OPENID_CONNECT_ISSUER=
 #OPENID_CONNECT_REDIRECT=
 #OPENID_CONNECT_UID_FIELD=sub
+#OPENID_CONNECT_LOGOUT_PATH="/protocol/openid-connect/logout"
 
 # Uncomment the following flag if you want to use EMAIL as a Unique ID backup, useful for setups with existing users who want to switch to an IDP setup.
 # More information: https://github.com/bigbluebutton/greenlight/issues/5872

spec/controllers/sessions_controller_spec.rb

@@ -160,10 +160,12 @@
         session[:oidc_id_token] = 'sample_id_token'
         allow(controller).to receive(:external_auth?).and_return(true)
         ENV['OPENID_CONNECT_ISSUER'] = 'https://openid.example'
+        ENV['OPENID_CONNECT_LOGOUT_PATH'] = '/protocol/openid-connect/logout'
       end
 
       after do
         ENV['OPENID_CONNECT_ISSUER'] = nil
+        ENV['OPENID_CONNECT_LOGOUT_PATH'] = nil
       end
 
       it 'returns the OIDC logout url' do