Skip to content

feat: implement the Hydra logout flow#186

Merged
ardetrick merged 1 commit into
mainfrom
feat/logout
Jul 11, 2026
Merged

feat: implement the Hydra logout flow#186
ardetrick merged 1 commit into
mainfrom
feat/logout

Conversation

@ardetrick

Copy link
Copy Markdown
Owner

Completes the login/consent/logout provider triad. Hydra's logout challenge now has a real endpoint: /logout fetches the request from the admin API, shows a confirmation naming the subject, and accepts (following Hydra's redirect through session termination) or rejects (204, session preserved). Two Playwright stories cover it end to end: confirming logout kills a remembered session so the next flow demands credentials again, and cancelling preserves it. Getting here surfaced a real integration landmine, now documented in the security config: Spring Security's built-in LogoutFilter silently intercepts /logout before any controller sees it, so it must be disabled for a Hydra logout endpoint at that path. This is also the first consumer of the testcontainers library's urlsLogout() builder option, and the test proxy gained mappings for the issuer-based logout verifier and post-logout redirects. Checks off "Log out" from the README task list.

🤖 Generated with Claude Code

@ardetrick ardetrick merged commit b9c7aff into main Jul 11, 2026
1 check passed
@ardetrick ardetrick deleted the feat/logout branch July 11, 2026 02:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant