From 01a726c95c622487365dc9cd57ec2bea196de7de Mon Sep 17 00:00:00 2001
From: Luke Tainton
Date: Thu, 13 Aug 2020 18:01:58 +0100
Subject: [PATCH] :lock: Force Single Logout (#77)
Signed-off-by: Luke Tainton
---
 app/public/actions/login.php | 1 +
 app/public/actions/logout.php | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/app/public/actions/login.php b/app/public/actions/login.php
index 0598f9d..38fdcc1 100644
--- a/app/public/actions/login.php
+++ b/app/public/actions/login.php
@@ -5,6 +5,7 @@
 // Perform the OIDC authentication
 try {
 $oidc->authenticate();
+ $_SESSION['access_token'] = $oidc->requestClientCredentialsToken()->access_token;
 $oidc_user = array(
 'sub' => $oidc->requestUserInfo('sub'),
 'username' => $oidc->requestUserInfo('preferred_username'),
diff --git a/app/public/actions/logout.php b/app/public/actions/logout.php
index 6bca8f6..8bbceb7 100644
--- a/app/public/actions/logout.php
+++ b/app/public/actions/logout.php
@@ -2,7 +2,7 @@
 $PAGE_NAME = "Logging out...";
 require_once __DIR__ . "/../../includes/prereqs.php";
+ $access_token = $_SESSION['access_token'];
 session_destroy();
-
- header('Location: /');
+ $oidc->signOut($access_token, $_ENV['APP_URL']);
 ?>
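Review bot: The value stored on the added line in login.php comes from `requestClientCredentialsToken()`, which is a client-credentials grant, so the token represents the application rather than the user who just completed `authenticate()`. The logout hunk then hands this value to `signOut()`, where an OpenID Connect end-session request expects the user's ID token as its hint, so the provider may reject the request or be unable to tell which session to end. If `$oidc` is the jumbojett OpenIDConnectClient (the method names match, but the include is not visible here), the value to keep is `$_SESSION['id_token'] = $oidc->getIdToken();`, which also avoids an extra token request on every login. The `try` block starts and ends outside the hunk.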
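Review bot: The added read of `$_SESSION['access_token']` in logout.php has no guard for a session that lacks the key, such as a visitor who never logged in, an expired session, or a session created before this change was deployed. In that case PHP raises an undefined-index notice and `signOut()` is called with `null`, whereas the removed `header('Location: /');` always returned the user to the site. I would read it as `$access_token = $_SESSION['access_token'] ?? null;` and keep the local redirect as the fallback when it is null, calling the provider only when a token is present. `$_ENV['APP_URL']` is also read unchecked; whether it is always populated depends on configuration outside this hunk.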