http: logout — 303 to end_session_endpoint with id_token_hint for OIDC sessions

2026-05-05 13:34:47 +01:00
parent 1fd9dce8a2
commit d2ffc98f3c
3 changed files with 96 additions and 6 deletions
@@ -137,10 +137,12 @@ func (s *Server) routes(r chi.Router) {
 	r.Get("/ws/agent/pending", s.handlePendingWS)
 	r.Mount("/static/", staticHandler())

+	// POST /logout is always mounted — it handles both local and OIDC
+	// sessions and doesn't require the UI renderer.
+	r.Post("/logout", s.handleUILogoutPost)
 	if s.deps.UI != nil {
 		r.Get("/login", s.handleUILoginGet)
 		r.Post("/login", s.handleUILoginPost)
-		r.Post("/logout", s.handleUILogoutPost)
 		r.Get("/setup", s.handleUISetupGet)
 		r.Post("/setup", s.handleUISetupPost)
 	}