From 36bff3c5f35adc169969edbb995a65762b73da37 Mon Sep 17 00:00:00 2001
From: RobertBeekman <mail@rbeekman.nl>
Date: Sun, 3 Mar 2024 20:45:05 +0100
Subject: [PATCH] Authentication - Sign out in the browser when logging out

---
 .../Models/AccessToken.cs                           |  4 +++-
 .../Services/AuthenticationService.cs               | 13 +++++++++++--
 .../Services/Interfaces/IAuthenticationService.cs   |  2 +-
 3 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/src/Artemis.WebClient.Workshop/Models/AccessToken.cs b/src/Artemis.WebClient.Workshop/Models/AccessToken.cs
index 60e9f31d9..d9ed1abb6 100644
--- a/src/Artemis.WebClient.Workshop/Models/AccessToken.cs
+++ b/src/Artemis.WebClient.Workshop/Models/AccessToken.cs
@@ -12,14 +12,16 @@ internal class AuthenticationToken
         if (tokenResponse.RefreshToken == null)
             throw new ArtemisWebClientException("Token response contains no refresh token");
 
+        IdentityToken = tokenResponse.IdentityToken;
         AccessToken = tokenResponse.AccessToken;
         RefreshToken = tokenResponse.RefreshToken;
         ExpiresAt = DateTimeOffset.UtcNow.AddSeconds(tokenResponse.ExpiresIn);
     }
-
+    
     public DateTimeOffset ExpiresAt { get; private set; }
     public bool Expired => DateTimeOffset.UtcNow.AddSeconds(5) >= ExpiresAt;
 
+    public string? IdentityToken { get; private set; }
     public string AccessToken { get; private set; }
     public string RefreshToken { get; private set; }
 }
\ No newline at end of file
diff --git a/src/Artemis.WebClient.Workshop/Services/AuthenticationService.cs b/src/Artemis.WebClient.Workshop/Services/AuthenticationService.cs
index 80a7bb470..c8727c361 100644
--- a/src/Artemis.WebClient.Workshop/Services/AuthenticationService.cs
+++ b/src/Artemis.WebClient.Workshop/Services/AuthenticationService.cs
@@ -258,12 +258,21 @@ internal class AuthenticationService : CorePropertyChanged, IAuthenticationServi
     }
 
     /// <inheritdoc />
-    public void Logout()
+    public async Task Logout()
     {
+        DiscoveryDocumentResponse disco = await GetDiscovery();
+      
+        // Open the web browser for the user to log out
+        if (disco.EndSessionEndpoint != null)
+        {
+            RequestUrl authRequestUrl = new(disco.EndSessionEndpoint);
+            string url = authRequestUrl.CreateEndSessionUrl(_token?.IdentityToken);
+            Utilities.OpenUrl(url);
+        }
+
         _token = null;
         _claims.Clear();
         SetStoredRefreshToken(null);
-
         _isLoggedInSubject.OnNext(false);
     }
 
diff --git a/src/Artemis.WebClient.Workshop/Services/Interfaces/IAuthenticationService.cs b/src/Artemis.WebClient.Workshop/Services/Interfaces/IAuthenticationService.cs
index b806c83a9..5d8f908b3 100644
--- a/src/Artemis.WebClient.Workshop/Services/Interfaces/IAuthenticationService.cs
+++ b/src/Artemis.WebClient.Workshop/Services/Interfaces/IAuthenticationService.cs
@@ -13,6 +13,6 @@ public interface IAuthenticationService : IProtectedArtemisService
     Task<string?> GetBearer();
     Task<bool> AutoLogin(bool force = false);
     Task Login(CancellationToken cancellationToken);
-    void Logout();
+    Task Logout();
     bool GetIsEmailVerified();
 }
\ No newline at end of file