foxia-auth-logout

NestJS module for session revocation via Hydra Backchannel Logout. Supports Single Sign Out (SLO).

Installation

npm install foxia-auth-logout

Quick Start

1. Import Module

import { SessionRevocationModule } from 'foxia-auth-logout';

@Module({
  imports: [
    SessionRevocationModule.forRootAsync({
      imports: [ConfigModule],
      inject: [ConfigService],
      useFactory: (config: ConfigService) => ({
        redis: {
          host: config.get('REDIS_HOST', 'localhost'),
          port: config.get('REDIS_PORT', 6379),
        },
        sidClaim: 'sid', // claim trong JWT chứa session ID
        ttl: 86400,      // 1 day
      }),
    }),
  ],
})
export class AppModule {}

2. Thêm Guard

import { SessionRevocationGuard } from 'foxia-auth-logout';

// Thêm bên cạnh guard auth hiện có
@Controller('users')
@UseGuards(JwtAuthGuard, SessionRevocationGuard)
export class UsersController {}

// Hoặc global
app.useGlobalGuards(
  app.get(JwtAuthGuard),
  app.get(SessionRevocationGuard),
);

3. Public Routes

import { Public } from 'foxia-auth-logout';

@Get('health')
@Public()
health() { return { status: 'ok' }; }

Configure Hydra Client

curl -X PATCH http://hydra-admin:4445/admin/clients/YOUR_CLIENT \
  -d '{"backchannel_logout_uri": "https://your-app.com/logout/backchannel"}'

How It Works

Logout → Hydra → POST /logout/backchannel → Redis (blacklist SID)
                                                    ↓
Request → Guard decode JWT → SID in blacklist? → 401

License

MIT