fix: logout url for sso (#1748)

fern-api · Oct 30, 2024 · 7d0194e · 7d0194e
1 parent 350ca16
commit 7d0194e
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 11 deletions.
diff --git a/packages/ui/docs-bundle/src/pages/api/fern-docs/auth/logout.ts b/packages/ui/docs-bundle/src/pages/api/fern-docs/auth/logout.ts
@@ -1,4 +1,4 @@
-import { getLogoutUrl } from "@/server/auth/workos-session";
+import { revokeSessionForToken } from "@/server/auth/workos-session";
 import { safeUrl } from "@/server/safeUrl";
 import { getDocsDomainEdge, getHostEdge } from "@/server/xfernhost/edge";
 import { withDefaultProtocol } from "@fern-api/ui-core-utils";
@@ -13,14 +13,12 @@ export default async function GET(req: NextRequest): Promise<NextResponse> {
 
     const authConfig = await getAuthEdgeConfig(domain);
 
-    const logoutUrlRaw =
-        authConfig?.type === "basic_token_verification"
-            ? authConfig.logout
-            : authConfig?.partner === "workos"
-              ? await getLogoutUrl(req.cookies.get(COOKIE_FERN_TOKEN)?.value)
-              : undefined;
+    if (authConfig?.type === "sso" && authConfig.partner === "workos") {
+        // revoke session in WorkOS
+        await revokeSessionForToken(req.cookies.get(COOKIE_FERN_TOKEN)?.value);
+    }
 
-    const logoutUrl = safeUrl(logoutUrlRaw);
+    const logoutUrl = safeUrl(authConfig?.type === "basic_token_verification" ? authConfig.logout : undefined);
 
     // if logout url is provided, append the state to it before redirecting
     if (req.nextUrl.searchParams.has("state")) {

diff --git a/packages/ui/docs-bundle/src/server/auth/workos-session.ts b/packages/ui/docs-bundle/src/server/auth/workos-session.ts
@@ -25,7 +25,7 @@ async function refreshSession(session: WorkOSSession): Promise<WorkOSSession | u
     }
 }
 
-async function getLogoutUrl(fern_token: string | undefined): Promise<string | undefined> {
+async function revokeSessionForToken(fern_token: string | undefined): Promise<void> {
     if (fern_token == null) {
         return undefined;
     }
@@ -36,7 +36,7 @@ async function getLogoutUrl(fern_token: string | undefined): Promise<string | un
     }
 
     const { sid: sessionId } = decodeJwt<AccessToken>(session.accessToken);
-    return workos().userManagement.getLogoutUrl({ sessionId });
+    return workos().userManagement.revokeSession({ sessionId });
 }
 
 const withJWKS = once(() => createRemoteJWKSet(new URL(workos().userManagement.getJwksUrl(getWorkOSClientId()))));
@@ -86,4 +86,4 @@ async function toSessionUserInfo(session?: WorkOSSession): Promise<WorkOSUserInf
     return { user: null };
 }
 
-export { encryptSession, getLogoutUrl, getSessionFromToken, refreshSession, toSessionUserInfo };
+export { encryptSession, getSessionFromToken, refreshSession, revokeSessionForToken, toSessionUserInfo };