@@ -751,7 +751,7 @@ func (api *API) postLogout(rw http.ResponseWriter, r *http.Request) {
751751// @Security CoderSessionToken
752752// @Produce json
753753// @Tags Users
754- // @Success 200 {object} map[string]string "Returns a map containing the OIDC logout URL"
754+ // @Success 200 {object} codersdk.OIDCLogoutResponse "Returns a map containing the OIDC logout URL"
755755// @Router /users/oidc-logout [get]
756756func (api * API ) userOIDCLogoutURL (rw http.ResponseWriter , r * http.Request ) {
757757 ctx := r .Context ()
@@ -766,6 +766,11 @@ func (api *API) userOIDCLogoutURL(rw http.ResponseWriter, r *http.Request) {
766766 return
767767 }
768768
769+ logger := api .Logger .Named (userAuthLoggerName )
770+
771+ // Default response: empty URL if OIDC logout is not supported
772+ response := codersdk.OIDCLogoutResponse {URL : "" }
773+
769774 // Retrieve the user's OAuthAccessToken for logout
770775 // nolint:gocritic // We only can get user link by user ID and login type with the system auth.
771776 link , err := api .Database .GetUserLinkByUserIDLoginType (dbauthz .AsSystemRestricted (ctx ),
@@ -774,16 +779,17 @@ func (api *API) userOIDCLogoutURL(rw http.ResponseWriter, r *http.Request) {
774779 LoginType : user .LoginType ,
775780 })
776781 if err != nil {
777- api .Logger .Error (ctx , "failed to retrieve OIDC user link" , "error" , err )
778782 if xerrors .Is (err , sql .ErrNoRows ) {
779- httpapi .Write (ctx , rw , http .StatusNotFound , codersdk.Response {
780- Message : "No OIDC link found for this user." ,
781- })
782- } else {
783- httpapi .Write (ctx , rw , http .StatusInternalServerError , codersdk.Response {
784- Message : "Failed to retrieve user authentication data." ,
785- })
783+ logger .Warn (ctx , "no OIDC link found for this user" )
784+ httpapi .Write (ctx , rw , http .StatusOK , response )
785+ return
786786 }
787+
788+ logger .Error (ctx , "failed to retrieve OIDC user link" , "error" , err )
789+ httpapi .Write (ctx , rw , http .StatusInternalServerError , codersdk.Response {
790+ Message : "Failed to retrieve user authentication data." ,
791+ Detail : err .Error (),
792+ })
787793 return
788794 }
789795
@@ -796,19 +802,18 @@ func (api *API) userOIDCLogoutURL(rw http.ResponseWriter, r *http.Request) {
796802 logoutURI := dvOIDC .LogoutRedirectURI .Value ()
797803
798804 if oidcEndpoint == "" {
799- api .Logger .Error (ctx , "missing OIDC logout endpoint" )
800- httpapi .Write (ctx , rw , http .StatusInternalServerError , codersdk.Response {
801- Message : "OIDC configuration is missing." ,
802- })
805+ logger .Warn (ctx , "missing OIDC logout endpoint" )
806+ httpapi .Write (ctx , rw , http .StatusOK , response )
803807 return
804808 }
805809
806810 // Construct OIDC Logout URL
807811 logoutURL , err := url .Parse (oidcEndpoint )
808812 if err != nil {
809- api . Logger .Error (ctx , "failed to parse OIDC endpoint" , "error" , err )
813+ logger .Error (ctx , "failed to parse OIDC endpoint" , "error" , err )
810814 httpapi .Write (ctx , rw , http .StatusInternalServerError , codersdk.Response {
811815 Message : "Invalid OIDC endpoint." ,
816+ Detail : err .Error (),
812817 })
813818 return
814819 }
@@ -829,7 +834,7 @@ func (api *API) userOIDCLogoutURL(rw http.ResponseWriter, r *http.Request) {
829834 logoutURL .RawQuery = q .Encode ()
830835
831836 // Return full logout URL
832- response := map [ string ] string { "oidc_logout_url" : logoutURL .String ()}
837+ response . URL = logoutURL .String ()
833838 httpapi .Write (ctx , rw , http .StatusOK , response )
834839}
835840
0 commit comments