Skip to content

Commit

Permalink
fix: Backchannel Logout: Fix error log when RP responds with status c…
Browse files Browse the repository at this point in the history 
…ode 204

According to the specification at https://openid.net/specs/openid-connect-backchannel-1_0.html#BCResponse
the Relying Party must respond with a status code 200.
However, it also notes that the OpenID Provider should be prepared to
handle status code 204 (No Content) as a successful response as well.
  • Loading branch information
@SiebelsTim
SiebelsTim committed Mar 6, 2024
1 parent fcaace4 commit cb95f3e
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions consent/strategy_default.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -791,8 +791,8 @@ func (s *DefaultStrategy) executeBackChannelLogout(r *http.Request, subject, sid
}
defer res.Body.Close()

if res.StatusCode != http.StatusOK {
log.WithError(errors.Errorf("expected HTTP status code %d but got %d", http.StatusOK, res.StatusCode)).
if res.StatusCode != http.StatusOK && res.StatusCode != http.StatusNoContent {
log.WithError(errors.Errorf("expected HTTP status code %d or %d but got %d", http.StatusOK, http.StatusNoContent, res.StatusCode)).

Check warning on line 795 in consent/strategy_default.go

View check run for this annotation

Codecov / codecov/patch

consent/strategy_default.go#L795 

Added line #L795 was not covered by tests
Error("Unable to execute OpenID Connect Back-Channel Logout Request")
return
} else {
Expand Down

0 comments on commit cb95f3e

Please sign in to comment.