From cb95f3e759171eadefd999ff5c04b219270efe30 Mon Sep 17 00:00:00 2001
From: Tim Siebels
Date: Wed, 6 Mar 2024 11:48:53 +0100
Subject: [PATCH] fix: Backchannel Logout: Fix error log when RP responds with status code 204

According to the specification at https://openid.net/specs/openid-connect-backchannel-1_0.html#BCResponse the Relying Party must respond with a status code 200. However, it also notes that the OpenID Provider should be prepared to handle status code 204 (No Content) as a successful response as well.
---
 consent/strategy_default.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/consent/strategy_default.go b/consent/strategy_default.go
index 5d8a11d58f7..117fba92548 100644
--- a/consent/strategy_default.go
+++ b/consent/strategy_default.go
@@ -791,8 +791,8 @@ func (s *DefaultStrategy) executeBackChannelLogout(r *http.Request, subject, sid
 }
 defer res.Body.Close()
- if res.StatusCode != http.StatusOK {
- log.WithError(errors.Errorf("expected HTTP status code %d but got %d", http.StatusOK, res.StatusCode)).
+ if res.StatusCode != http.StatusOK && res.StatusCode != http.StatusNoContent {
+ log.WithError(errors.Errorf("expected HTTP status code %d or %d but got %d", http.StatusOK, http.StatusNoContent, res.StatusCode)).
 Error("Unable to execute OpenID Connect Back-Channel Logout Request")
 return
 } else {
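Review bot: The widened check `if res.StatusCode != http.StatusOK && res.StatusCode != http.StatusNoContent` has no comment saying why 204 counts as success; the reason is given only in the commit message, so a later reader tightening the check back to 200 would reintroduce the spurious error log. I would add above the `if`: `// The RP must answer 200, but the OP should also accept 204: https://openid.net/specs/openid-connect-backchannel-1_0.html#BCResponse`. Any other status is still only logged before `return`, so a relying party that did not accept the logout request may keep its session alive. executeBackChannelLogout continues outside this hunk, so whether a retry or a failure metric exists elsewhere cannot be confirmed from here.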