Development Build
**Version:** dev-42-04ed5ef8
**Commit:** 04ed5ef
**Branch:** develop
**Build:** #42
### Docker Image
```
ghcr.io/DRYTRIX/TimeTracker:develop
```
### Quick Start
```bash
docker pull ghcr.io/DRYTRIX/TimeTracker:develop
docker-compose -f deployment-dev.yml up -d
```
### Changes
fix(oidc): only perform RP-Initiated Logout when OIDC_POST_LOGOUT_REDIRECT_URI is set
ixes #88
When OIDC_POST_LOGOUT_REDIRECT_URI was unset, the application was still
attempting RP-Initiated Logout by falling back to a generated redirect URL.
This caused issues with OIDC providers like Authelia that don't support
RP-Initiated Logout, resulting in failed redirects to unsupported endpoints.
Changes:
- Modified logout logic in app/routes/auth.py to only attempt provider
logout when OIDC_POST_LOGOUT_REDIRECT_URI is explicitly configured - If unset, users are now logged out locally and redirected to the
TimeTracker login page (expected behavior) - If set, RP-Initiated Logout proceeds as before (backward compatible)
Documentation:
- Updated docs/OIDC_SETUP.md with guidance on when to set the config
- Added clear comments in env.example explaining optional behavior
- Documented troubleshooting steps for providers without RP-Initiated
Logout support (e.g., Authelia)
Tests:
- Added comprehensive test suite (tests/test_oidc_logout.py) with 9 tests
covering different logout scenarios and edge cases - All existing tests continue to pass (no regressions)
This change is fully backward compatible. Users with providers supporting
RP-Initiated Logout can continue using OIDC_POST_LOGOUT_REDIRECT_URI as
before. Users with providers like Authelia should leave it unset for
local-only logout.
---
*This is an automated development build. Use at your own risk.*