Nginx Ingress OAuth Logout (Kubernetes)?

3/10/2019

I've set up nginx ingress with oauth for Kubernetes based off of bitly's oauth2_proxy. There is metadata for an auth-url and auth-signin page, but I'm not sure if there is a way to configure logout (volentarily or by force). Obviously I'd like the ability to kick someone off if I need to.

  annotations:
    nginx.ingress.kubernetes.io/auth-url: "https://$host/oauth2/auth"
    nginx.ingress.kubernetes.io/auth-signin: "https://$host/oauth2/start?rd=$escaped_request_uri"
  name: external-auth-oauth2

I've tried deleting my browser cookies, clearing the cache, all while (after) I've stopped the Ingress. I've also tried deleting the OAuth service and deployment and ingress, so I'm not sure where the data is persisting.

Does anyone know how to do this?

-- Display name
kubernetes
logout
nginx
nginx-ingress
persistent-storage

1 Answer

3/11/2019

As far as I know, this is not possible.

You can't sign-out a user that does not allow it.

What you could do is to revoke the token, or redirect to sign out.

Example of a request that needs to be sent to the revocation REST endpoint:

curl -X POST --basic -u "<client id>:<client secret>" -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -k -d "token=<token to revoke>&token_type_hint=access_token" https://localhost:9443/oauth2/revoke
-- Crou
Source: StackOverflow