From 7cf227d3dd98de306acbc2fb2b0022ea8cb4d32e Mon Sep 17 00:00:00 2001
From: grimsi <9295182+grimsi@users.noreply.github.com>
Date: Thu, 25 Sep 2025 14:25:40 +0200
Subject: [PATCH] Fix logout for SSO users
---
 app/src/main/frontend/components/ProfileMenu.tsx | 11 +----------
 .../gameyfin/app/core/security/SecurityConfig.kt | 15 +++++++++++----
 2 files changed, 12 insertions(+), 14 deletions(-)
diff --git a/app/src/main/frontend/components/ProfileMenu.tsx b/app/src/main/frontend/components/ProfileMenu.tsx
index 71909ad..b6a8043 100644
--- a/app/src/main/frontend/components/ProfileMenu.tsx
+++ b/app/src/main/frontend/components/ProfileMenu.tsx
@@ -2,7 +2,6 @@ import {useAuth} from "Frontend/util/auth";
 import {GearFine, Question, SignOut, User} from "@phosphor-icons/react";
 import {Dropdown, DropdownItem, DropdownMenu, DropdownTrigger} from "@heroui/react";
 import {useNavigate} from "react-router";
-import {ConfigEndpoint} from "Frontend/generated/endpoints";
 import Avatar from "Frontend/components/general/Avatar";
 import {CollectionElement} from "@react-types/shared";
 import {isAdmin} from "Frontend/util/utils";
@@ -11,14 +10,6 @@ export default function ProfileMenu() {
 const auth = useAuth();
 const navigate = useNavigate();
- async function logout() {
- if (auth.state.user?.managedBySso) {
- window.location.href = (await ConfigEndpoint.getSsoLogoutUrl()) || "/";
- } else {
- await auth.logout();
- }
- }
-
 const profileMenuItems = [
 {
 label: "My Profile",
@@ -39,7 +30,7 @@ export default function ProfileMenu() {
 {
 label: "Sign Out",
 icon: ,
- onClick: logout,
+ onClick: auth.logout,
 color: "primary"
 },
 ];
diff --git a/app/src/main/kotlin/org/gameyfin/app/core/security/SecurityConfig.kt b/app/src/main/kotlin/org/gameyfin/app/core/security/SecurityConfig.kt
index 9edcba0..8397afa 100644
--- a/app/src/main/kotlin/org/gameyfin/app/core/security/SecurityConfig.kt
+++ b/app/src/main/kotlin/org/gameyfin/app/core/security/SecurityConfig.kt
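Review bot: In ProfileMenu.tsx the Sign Out item now passes `onClick: auth.logout` as a bare reference, so the function is called with whatever arguments the menu hands to its click handler and without `auth` as its receiver; `onClick: () => auth.logout()` keeps the call explicit. Frontend/util/auth is not part of this patch, so this may be harmless with the current implementation. With the `managedBySso` branch removed, SSO sign-out depends entirely on the server-side redirect configured in SecurityConfig.kt, so it is worth confirming that auth.logout() ends in a real browser navigation to the provider's logout URL; if the logout request is made in the background and the page does not follow the redirect, the provider session would presumably stay active after the local one is closed.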
@@ -76,12 +76,14 @@ class SecurityConfig(
 // Not needed since the frontend is served by the backend
 http.cors { cors -> cors.disable() }
- http.with(VaadinSecurityConfigurer.vaadin()) { configurer ->
- // use a custom login view and redirect to root on logout
- configurer.loginView("/login", "/")
- }
 if (config.get(ConfigProperties.SSO.OIDC.Enabled) == true) {
+
+ http.with(VaadinSecurityConfigurer.vaadin()) { configurer ->
+ // Redirect to SSO provider on logout
+ configurer.loginView("/login", config.get(ConfigProperties.SSO.OIDC.LogoutUrl))
+ }
+
 // Use custom success handler to handle user registration
 http.oauth2Login { oauth2Login -> oauth2Login.successHandler(ssoAuthenticationSuccessHandler) }
 // Prevent unnecessary redirects
@@ -91,6 +93,11 @@ class SecurityConfig(
 http.exceptionHandling { exceptionHandling ->
 exceptionHandling.authenticationEntryPoint(CustomAuthenticationEntryPoint())
 }
+ } else {
+ // Use default Vaadin login URLs
+ http.with(VaadinSecurityConfigurer.vaadin()) { configurer ->
+ configurer.loginView("/login")
+ }
 }
 if ("dev" in environment.activeProfiles) {
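Review bot: The new `configurer.loginView("/login", config.get(ConfigProperties.SSO.OIDC.LogoutUrl))` passes the configured value straight through, while the frontend code removed in this commit fell back to "/" when no SSO logout URL was available. config.get looks nullable here (the Enabled check compares against `== true`), so an unset or blank LogoutUrl should keep that fallback, e.g. `configurer.loginView("/login", config.get(ConfigProperties.SSO.OIDC.LogoutUrl)?.takeIf { it.isNotBlank() } ?: "/")`. The redirect target is also fixed when the filter chain is built and applies to every account once SSO is enabled, not only to users flagged managedBySso as before; a short comment stating that this is intended would help. The `// Prevent unnecessary redirects` context line suggests more logout handling follows outside the hunk, so check that it does not override the success URL set here.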
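Review bot: The added else branch calls `configurer.loginView("/login")` without a logout target, whereas the removed code passed "/" explicitly and documented it as "redirect to root on logout". Unless the single-argument overload is known to default to the same target, keep `configurer.loginView("/login", "/")` so that a fix scoped to SSO does not change where local users land after logout, and let the comment say so: `// No SSO: custom login view, redirect to root on logout`. The surrounding if/else in SecurityConfig starts outside this hunk.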