From 0eadf33ae2bb914c2fd8aa6fff10f47a3f39e0e9 Mon Sep 17 00:00:00 2001
From: Rohith Jayawardene <gambol99@gmail.com>
Date: Fri, 21 Jul 2017 22:26:27 +0100
Subject: [PATCH] Revocation url (#254)

* Recovation URL

- stopping the logout handler from panicing when the revocation url has not been set. Google OpenID appears to stray from
  the OpenID spec and use's another name of the endpoint. None the less we should check beforehand

* - updating the CHANGELOG to reflect the changes
---
 CHANGELOG.md | 1 +
 handlers.go  | 8 +++++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6eb8409..82bfc9a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,7 @@ FIXES:
 * fixed a number of linting errors highlighted by gometalinter [#PR209](https://github.com/gambol99/keycloak-proxy/pull/209)
 * added docker image instructions to the readme [#PR204](https://github.com/gambol99/keycloak-proxy/pull/204)
 * added unit tests for the debug handlers [#PR223](https://github.com/gambol99/keycloak-proxy/pull/223)
+* fixing the logout handler panic when revocation url is not set [#PR254](https://github.com/gambol99/keycloak-proxy/pull/254)
 
 FEATURES
 * changed the routing engine from gin to echo
diff --git a/handlers.go b/handlers.go
index f5fae25..944ce18 100644
--- a/handlers.go
+++ b/handlers.go
@@ -295,7 +295,13 @@ func (r *oauthProxy) logoutHandler(w http.ResponseWriter, req *http.Request) {
 		}()
 	}
 
-	revocationURL := defaultTo(r.config.RevocationEndpoint, r.idp.EndSessionEndpoint.String())
+	// set the default revocation url
+	revokeDefault := ""
+	if r.idp.EndSessionEndpoint != nil {
+		revokeDefault = r.idp.EndSessionEndpoint.String()
+	}
+	revocationURL := defaultTo(r.config.RevocationEndpoint, revokeDefault)
+
 	// step: do we have a revocation endpoint?
 	if revocationURL != "" {
 		client, err := r.client.OAuthClient()
-- 
GitLab