Added callback URLs for code exchange and logout

openid_connect.js

@@ -198,7 +198,8 @@ function codeExchange(r) {
  r.variables.new_access_token = "";
  }
  r.headersOut["Set-Cookie"] = "auth_token=" + r.variables.request_id + "; " + r.variables.oidc_cookie_flags;
- r.return(302, r.variables.redirect_base + r.variables.cookie_auth_redir);
+ const redirectLocation = r.variables.after_codexch_redir || r.variables.cookie_auth_redir
+ r.return(302, r.variables.redirect_base + redirectLocation);
  }
  );
  } catch (e) {
@@ -268,7 +269,10 @@ function logout(r) {
  r.variables.session_jwt = "-";
  r.variables.access_token = "-";
  r.variables.refresh_token = "-";
- r.return(302, r.variables.oidc_logout_redirect);
+ const redirectLocation = r.variables.initial_logout_redir
+ ? `${r.variables.redirect_base}${r.variables.initial_logout_redir}`
+ : r.variables.oidc_logout_redirect;
+ r.return(302, redirectLocation);
 }
 
 function getAuthZArgs(r) {

openid_connect.server_conf

@@ -24,7 +24,6 @@
  default_type text/plain; # In case we throw an error
  }
 
- set $redir_location "/_codexch";
  location = /_codexch {
  # This location is called by the IdP after successful authentication
  status_zone "OIDC code exchange";

openid_connect_configuration.conf

@@ -3,6 +3,21 @@
 # Each map block allows multiple values so that multiple IdPs can be supported,
 # the $host variable is used as the default input parameter but can be changed.
 #
+map $host $redir_location {
+ # www.example.com "/signin-oidc"; # need to add the /signin-oidc location and code exchange process 
+ default "/_codexch";
+}
+
+map $host $after_codexch_redir {
+ default "";
+ #www.example.com "/after_code_verified";
+}
+
+map $host $initial_logout_redir {
+ default "";
+ #www.example.com "/clear_proxy_session";
+}
+
 map $host $oidc_authz_endpoint {
  default "http://127.0.0.1:8080/auth/realms/master/protocol/openid-connect/auth";
  #www.example.com "https://my-idp/oauth2/v1/authorize";