Unable to logout when using an oauth2 provider (Keycloak)
Summary
When logged into GitLab using the oauth2 provider and trying to log out, GitLab redirects to the sign_in page, but doesn't end our session on Keycloak, so we are logged in again.
Steps to reproduce
- Configure Keycloak as an oauth2 provider
- Log in as a Keycloak user
- Attempt to log out
What is the current bug behavior?
Redirected back to the sign_in page. Because the auto_sign_in_with_provider field is enabled, we are redirected back to the Keycloak login page. Since our session was never ended, we get redirected back to GitLab, as if nothing happened.
What is the expected correct behavior?
Session on Keycloak should be ended and we should be redirected back to the login page of GitLab.
Relevant logs and/or screenshots
Configuration of our GitLab:

    - { name: 'oauth2_generic',
        app_id: 'git.example.com',
        app_secret: 'verysecretwow',
        args: {
          client_options: {
            site: 'https://keycloak.example.com/',
            user_info_url: 'https://keycloak.example.com/auth/realms/Dome/protocol/openid-connect/userinfo',
            authorize_url: 'https://keycloak.example.com/auth/realms/Dome/protocol/openid-connect/auth',
            token_url: 'https://keycloak.example.com/auth/realms/Dome/protocol/openid-connect/token',
            end_session_endpoint: 'https://keycloak.example.com/auth/realms/Dome/protocol/openid-connect/logout',
          },
          user_response_structure: {
            id_path: 'sub',
            attributes: {
              uid: 'sub',
              name: 'preferred_username',
              email: 'email'
            }
          },
          name: 'Keycloak'
        }}
Possible fixes
Provide a way for GitLab to send the token to the end_session_endpoint, so the session can be terminated and logging out works as expected.
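
The logout redirect requested above, sketched as an added example that is not part of the original issue and is not GitLab's code: it builds an OpenID Connect RP-initiated logout URL for the configured end_session_endpoint and refuses unsafe endpoints or return addresses. Assumptions: the ID token from login was kept in the user's session, the allowlisted return URL is constructed, and `build_end_session_url` and `LogoutConfigError` are hypothetical names.

```ruby
require 'uri'
require 'securerandom'

# Endpoint and site are taken from the configuration shown in the issue.
END_SESSION_ENDPOINT = 'https://keycloak.example.com/auth/realms/Dome/protocol/openid-connect/logout'
IDP_SITE = 'https://keycloak.example.com/'
# Constructed allowlist (assumption): the only places the IdP may send the
# browser back to after logout. An exact-match list avoids open redirects.
ALLOWED_POST_LOGOUT_URIS = ['https://git.example.com/users/sign_in'].freeze

class LogoutConfigError < StandardError; end

# Hypothetical helper. Returns [url, state]: the browser is redirected to url
# after the local session is destroyed; state is compared when the IdP returns.
def build_end_session_url(id_token:, post_logout_redirect_uri:,
                          endpoint: END_SESSION_ENDPOINT, site: IDP_SITE)
  ep  = URI.parse(endpoint)
  idp = URI.parse(site)

  # The ID token travels in the query string, so never send it over plain
  # HTTP or to a host other than the configured identity provider.
  raise LogoutConfigError, 'end_session_endpoint must be https' unless ep.is_a?(URI::HTTPS)
  unless ep.host == idp.host && ep.port == idp.port
    raise LogoutConfigError, 'end_session_endpoint is not on the IdP host'
  end
  unless ALLOWED_POST_LOGOUT_URIS.include?(post_logout_redirect_uri)
    raise LogoutConfigError, 'post_logout_redirect_uri is not allowlisted'
  end
  # Without the token the IdP cannot tell which session to end.
  raise LogoutConfigError, 'no ID token stored for this session' if id_token.to_s.empty?

  state = SecureRandom.urlsafe_base64(16)
  # Parameter names follow OpenID Connect RP-Initiated Logout 1.0.
  ep.query = URI.encode_www_form(
    id_token_hint: id_token,
    post_logout_redirect_uri: post_logout_redirect_uri,
    state: state
  )
  [ep.to_s, state]
end
```

The return URL must also be registered for the client on the Keycloak side, otherwise the provider rejects the redirect.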