
🐛 (src/): fix logout function #33

Draft: wants to merge 5 commits into main
Conversation

ncvescera
Member

@ncvescera ncvescera commented Nov 14, 2024

These changes should allow for a correct user disconnection, both when they use the 'logout' button and when they close the browser. Once disconnected, the user should be forced to also disconnect automatically from Vault.

Fixed a problem with the 'Start Computing' button (#32); it is now displayed on screen correctly.

Commits:
  • Used the 'clear' method to empty the Flask session.
  • Updated the Vault endpoint path to revoke token.
  • These changes should allow for cleaning the Flask session when the browser is closed and performing a logout from Vault.
  • Added a GET request after the Flask session-cleaning function. This should force Vault to log out the user.
  • Now the "start computing" button is displayed in the correct position.
@ncvescera ncvescera linked an issue Nov 15, 2024 that may be closed by this pull request
@ncvescera
Member Author

Maybe using the Flask redirect function to visit Vault's logout URL should work!

    from flask import redirect, session

    @app.route('/logout')
    def logout():
        # Revoke the Vault token: not possible here, batch tokens cannot be revoked
        # Clear the session (or cookies) first, then send the browser to the
        # identity provider's logout URL. redirect() only builds a response, so it
        # must be returned, otherwise the browser never visits Vault's logout page.
        session.clear()
        return redirect('http://10.9.245.2:8200/ui/vault/logout')
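Added example (not code from this PR or from the project): a logout routine that does the Vault-side cleanup the thread is after, revoking the user's token server-side before redirecting the browser to Vault's UI logout page. It assumes the app keeps the user's Vault token in the Flask session under a hypothetical `vault_token` key and that Vault listens at the address used above; the `revoke-self` endpoint and the `hvs.`/`hvb.` token prefixes are Vault's own. It depends only on the standard library and takes a `send` callable so it can be exercised without a live Vault.

```python
import urllib.request

VAULT_ADDR = 'http://10.9.245.2:8200'                 # address used in this thread (assumed)
VAULT_UI_LOGOUT = VAULT_ADDR + '/ui/vault/logout'     # where the browser ends up


def is_batch_token(token):
    """Vault batch tokens (prefix 'hvb.', or 'b.' on pre-1.10 clusters) are
    not stored server-side and cannot be revoked; service tokens ('hvs.' /
    's.') can. Revoking a batch token would just fail, so skip the call."""
    return token.startswith(('hvb.', 'b.'))


def build_revoke_request(token):
    """POST /v1/auth/token/revoke-self revokes the token presented in the
    X-Vault-Token header, so the app never needs a privileged token of its
    own to log a user out."""
    return urllib.request.Request(
        VAULT_ADDR + '/v1/auth/token/revoke-self',
        data=b'',                      # empty body; the token is the header
        headers={'X-Vault-Token': token},
        method='POST',
    )


def logout(session, send=urllib.request.urlopen):
    """Revoke the user's Vault token when possible, wipe the whole Flask
    session, and return what the view should do next.

    `session` is any dict-like object (Flask's session is one) holding the
    assumed 'vault_token' key; `send` performs the HTTP call and is
    injectable for tests. Returns {'redirect_to': url, 'revoked': bool}."""
    token = session.get('vault_token')
    revoked = False
    if token and not is_batch_token(token):
        try:
            send(build_revoke_request(token))
            revoked = True
        except OSError:
            # Vault unreachable, or the token already expired (HTTPError is an
            # OSError too): still log the user out of the app; a service token
            # then dies with its own TTL.
            pass
    # Clear everything, not just the token: session.pop('vault_token') would
    # leave the user's identity and any CSRF state behind.
    session.clear()
    return {'redirect_to': VAULT_UI_LOGOUT, 'revoked': revoked}
```

In a Flask view this becomes `return redirect(logout(session)['redirect_to'])`. Revoking happens before the redirect because the redirect is the last thing the server controls: once the browser is sent to Vault's UI logout page, the app has no way to know whether the user ever got there.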

@ncvescera
Member Author

Set the max_age and prompt=login parameters during the authentication phase. Those changes should fix the expired-session issue by setting a timeout and forcing re-authentication.

from flask import url_for

# `app` (the Flask app) and `oauth.my_oidc` (the Authlib client registered for
# the OIDC provider) are defined elsewhere in the project.
@app.route('/login')
def login():
    redirect_uri = url_for('auth_callback', _external=True)
    # Authlib forwards extra keyword arguments of authorize_redirect() as query
    # parameters of the authorization request, so max_age and prompt are passed
    # directly rather than wrapped in a params={...} dict, which Authlib does
    # not unpack.
    return oauth.my_oidc.authorize_redirect(
        redirect_uri,
        max_age=3600,    # maximum age of the IdP session in seconds (e.g., 1 hour)
        prompt='login',  # force re-authentication
    )

max_age:

  • Purpose: Specifies the maximum age (in seconds) of the authentication session.
  • Usage in Vault: When using OIDC, Vault sends authentication requests to the identity provider (IdP).
    The max_age parameter tells the IdP to re-authenticate the user if the session is older than the specified age.
    For example, if max_age is set to 3600 (1 hour), the user must re-authenticate if their session is older than 1 hour.
  • Key benefits:
      ◦ Enhances security by ensuring periodic re-authentication.
      ◦ Controls how long an authenticated session is considered valid without needing re-validation.

prompt=login:

  • Purpose: Forces the IdP to prompt the user to log in again, even if they already have a valid session.
  • Usage in Vault: It is often used in conjunction with OIDC when you want to ensure that the user explicitly logs in, rather than relying on an existing session at the IdP. The prompt=login parameter is typically part of the OIDC authorization request.
  • Scenario: If you're managing highly sensitive operations or need to verify the identity of the user with certainty, you can use prompt=login to enforce a fresh login.
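Added example (not code from this PR or from Authlib): the authorization request with max_age and prompt=login built by hand with the standard library, plus the callback-side checks that give max_age any teeth, since the IdP re-authenticating the user means nothing if the app never looks at the resulting auth_time. The authorize endpoint, client_id and redirect_uri are hypothetical, and the ID-token claims used in the test are constructed; in a real callback they come from the signature-verified ID token.

```python
import secrets
import time
from urllib.parse import urlencode, urlsplit, parse_qs

# Hypothetical endpoint: with Authlib this comes from the provider's discovery
# document rather than being hard-coded.
AUTHORIZE_ENDPOINT = 'https://vault.example.internal/authorize'
CLOCK_SKEW = 60   # seconds of IdP/app clock difference tolerated


def build_auth_request(client_id, redirect_uri, max_age, force_login=True):
    """Return (authorization_url, state, nonce).

    state ties the callback to this browser session, nonce ties the ID token
    to this exact request; both must be stored in the session before the
    redirect and compared on return."""
    state = secrets.token_urlsafe(16)
    nonce = secrets.token_urlsafe(16)
    params = {
        'response_type': 'code',
        'client_id': client_id,
        'redirect_uri': redirect_uri,
        'scope': 'openid profile',
        'state': state,
        'nonce': nonce,
        # The IdP must re-authenticate if its session is older than this, and
        # must then return auth_time in the ID token (OIDC Core 3.1.2.1).
        'max_age': str(max_age),
    }
    if force_login:
        params['prompt'] = 'login'   # show the login UI even with a live IdP session
    return AUTHORIZE_ENDPOINT + '?' + urlencode(params), state, nonce


def query_params(url):
    """Parsed query string of an authorization URL, for inspection and tests."""
    return parse_qs(urlsplit(url).query)


def check_id_token_freshness(claims, expected_nonce, max_age, now=None):
    """RP-side checks (OIDC Core 3.1.3.7) that make max_age meaningful.

    `claims` is the already signature-verified ID token payload. Raises
    ValueError on failure; returns the age of the authentication in seconds."""
    now = time.time() if now is None else now
    if claims.get('nonce') != expected_nonce:
        raise ValueError('nonce mismatch: ID token was not issued for this request')
    if 'auth_time' not in claims:
        # An IdP that ignored max_age (or never received it) shows up here.
        raise ValueError('max_age was requested but the ID token has no auth_time')
    age = now - claims['auth_time']
    if age < -CLOCK_SKEW:
        raise ValueError('auth_time lies in the future: clock skew or a bad token')
    if age > max_age:
        raise ValueError(f'authentication is {int(age)}s old, max_age is {max_age}s')
    return age


def session_deadline(claims, max_age):
    """Absolute time after which the app should force a fresh login, so the
    Flask session cannot outlive the max_age it was obtained under."""
    return claims['auth_time'] + max_age
```

Store `session_deadline(...)` in the Flask session at login and have a before-request hook clear the session and redirect to /login once it passes; that is the app-side half of the timeout, independent of whatever lifetime the IdP gives its own cookie.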

Successfully merging this pull request may close these issues.

"Start computing" button UI problem