@@ -742,7 +742,7 @@ func (api *API) postLogout(rw http.ResponseWriter, r *http.Request) {
742742// @Security CoderSessionToken
743743// @Produce json
744744// @Tags Users
745- // @Success 200 {object} map[string]string "Returns a map containing the OIDC logout URL"
745+ // @Success 200 {object} codersdk.OIDCLogoutResponse "Returns a map containing the OIDC logout URL"
746746// @Router /users/oidc-logout [get]
747747func (api * API ) userOIDCLogoutURL (rw http.ResponseWriter , r * http.Request ) {
748748 ctx := r .Context ()
@@ -757,6 +757,11 @@ func (api *API) userOIDCLogoutURL(rw http.ResponseWriter, r *http.Request) {
757757 return
758758 }
759759
760+ logger := api .Logger .Named (userAuthLoggerName )
761+
762+ // Default response: empty URL if OIDC logout is not supported
763+ response := codersdk.OIDCLogoutResponse {URL : "" }
764+
760765 // Retrieve the user's OAuthAccessToken for logout
761766 // nolint:gocritic // We only can get user link by user ID and login type with the system auth.
762767 link , err := api .Database .GetUserLinkByUserIDLoginType (dbauthz .AsSystemRestricted (ctx ),
@@ -765,16 +770,17 @@ func (api *API) userOIDCLogoutURL(rw http.ResponseWriter, r *http.Request) {
765770 LoginType : user .LoginType ,
766771 })
767772 if err != nil {
768- api .Logger .Error (ctx , "failed to retrieve OIDC user link" , "error" , err )
769773 if xerrors .Is (err , sql .ErrNoRows ) {
770- httpapi .Write (ctx , rw , http .StatusNotFound , codersdk.Response {
771- Message : "No OIDC link found for this user." ,
772- })
773- } else {
774- httpapi .Write (ctx , rw , http .StatusInternalServerError , codersdk.Response {
775- Message : "Failed to retrieve user authentication data." ,
776- })
774+ logger .Warn (ctx , "no OIDC link found for this user" )
775+ httpapi .Write (ctx , rw , http .StatusOK , response )
776+ return
777777 }
778+
779+ logger .Error (ctx , "failed to retrieve OIDC user link" , "error" , err )
780+ httpapi .Write (ctx , rw , http .StatusInternalServerError , codersdk.Response {
781+ Message : "Failed to retrieve user authentication data." ,
782+ Detail : err .Error (),
783+ })
778784 return
779785 }
780786
@@ -787,19 +793,18 @@ func (api *API) userOIDCLogoutURL(rw http.ResponseWriter, r *http.Request) {
787793 logoutURI := dvOIDC .LogoutRedirectURI .Value ()
788794
789795 if oidcEndpoint == "" {
790- api .Logger .Error (ctx , "missing OIDC logout endpoint" )
791- httpapi .Write (ctx , rw , http .StatusInternalServerError , codersdk.Response {
792- Message : "OIDC configuration is missing." ,
793- })
796+ logger .Warn (ctx , "missing OIDC logout endpoint" )
797+ httpapi .Write (ctx , rw , http .StatusOK , response )
794798 return
795799 }
796800
797801 // Construct OIDC Logout URL
798802 logoutURL , err := url .Parse (oidcEndpoint )
799803 if err != nil {
800- api . Logger .Error (ctx , "failed to parse OIDC endpoint" , "error" , err )
804+ logger .Error (ctx , "failed to parse OIDC endpoint" , "error" , err )
801805 httpapi .Write (ctx , rw , http .StatusInternalServerError , codersdk.Response {
802806 Message : "Invalid OIDC endpoint." ,
807+ Detail : err .Error (),
803808 })
804809 return
805810 }
@@ -820,7 +825,7 @@ func (api *API) userOIDCLogoutURL(rw http.ResponseWriter, r *http.Request) {
820825 logoutURL .RawQuery = q .Encode ()
821826
822827 // Return full logout URL
823- response := map [ string ] string { "oidc_logout_url" : logoutURL .String ()}
828+ response . URL = logoutURL .String ()
824829 httpapi .Write (ctx , rw , http .StatusOK , response )
825830}
826831
0 commit comments