Performing logout using info inside the JWT token

2020-06-30 12:50:35 +02:00 · 2020-06-30 12:50:35 +02:00 · 061962fa84
parent 1ea97a6f10
commit 061962fa84
1 changed files with 2 additions and 6 deletions
--- a/src/main/java/org/gcube/portal/oidc/lr62/SessionDestroyAction.java
+++ b/src/main/java/org/gcube/portal/oidc/lr62/SessionDestroyAction.java
@ -1,7 +1,6 @@
 package org.gcube.portal.oidc.lr62;

 import java.io.IOException;
-import java.util.List;

 import javax.servlet.http.HttpSession;

@ -34,13 +33,10 @@ public class SessionDestroyAction extends SessionAction {
                            + user.getScreenName());
                }
                try {
-                    List<String> tokenAud = token.getAud();
-                    tokenAud.remove(JWTToken.ACCOUNT_RESOURCE);
-                    String clientId = tokenAud.iterator().next();
                    if (log.isDebugEnabled()) {
-                        log.debug("Performing logout by using client id: " + clientId);
+                        log.debug("Performing the OIDC backchannel logout");
                    }
-                    OpenIdConnectRESTHelper.logout(configuration.getLogoutURL(), clientId, token);
+                    OpenIdConnectRESTHelper.logout(configuration.getLogoutURL(), token);
                } catch (IOException e) {
                    throw new ActionException("Performing logut on OIDC server", e);
                }