Problem/Motivation
The openid_connect_windows_aad module defines `openid_connect_windows_aad_openid_connect_redirect_logout_alter()` and fails to load the client from the passed context variable (which contains a plugin name, not a client id) , in order to do its thing, so tries to call method `getPlugin()` on NULL and errors out.
I don't know if this is a new problem, I just came across it whilst testing the fix for #3577049: Update.php fails with InvalidArgumentException : The configuration property settings.prompt.login doesn't exist
Steps to reproduce
Implement hook_openid_connect_redirect_logout_alter in a module and try to load a client:
/** @var \Drupal\openid_connect\Entity\OpenIDConnectClientEntity $client */
$client = OpenIDConnectClientEntity::load($context['client']);
Login. Logout. Oops.
Proposed resolution
Ensure the context passes the client id and not the plugin name.
Remaining tasks
Draw the rest of the owl.
User interface changes
None.
API changes
None, except implement the API as actually documented :-)
Data model changes
Nope.
Issue fork openid_connect-3577436
Show commands
Start within a Git clone of the project using the version control instructions.
Or, if you do not have SSH keys set up on git.drupalcode.org:
Comments
Comment #2
cafuego commentedComment #3
cafuego commentedA quick hacky work-around is to add a
!empty($client)check top the conditional after trying to load the client in the plugin. Of course, that then means the logout redirect won't get changed if it should be.Comment #4
cafuego commentedOffhand, it looks like
$clientName = $provider?->id ?? 'unknown';instead of$clientName = $provider?->getPlugin()?->getPluginId() ?? 'unknown';in src/LogoutService.php does the trick.Comment #7
stefdewa commentedAdded MR, clientName is now the actual client ID and no longer the plugin ID.
Comment #8
stefdewa commentedComment #9
timmy_cos commentedPatch seems to be working for me! FYI I'm fairly sure this issue was introduced in alpha7 with https://www.drupal.org/project/openid_connect/issues/3518252
Comment #10
cafuego commentedWorks as advertised for me as well.
Comment #11
szeidler commentedI can confirm that the MR fixes the problem. Without the patch you will get a fatal error when the logout redirect is configured.
Comment #12
karimbou commentedWe're having an issue on version v1.5 since security patch fix, when trying to login, redirection has prompt=login%20%login in the URL instead of prompt=login
linked to
Comment #13
cafuego commented@karimbou That is because of #3577049: Update.php fails with InvalidArgumentException : The configuration property settings.prompt.login doesn't exist and it is fixed in the 3.x branch, at least.
You need to apply the patch from https://git.drupalcode.org/project/openid_connect/-/merge_requests/185/d...
Comment #15
pfrillingThanks all for the patches! Merge train has started