Update docs and status code changes

ZohebShaikh · ZohebShaikh · commit eb97098a4d5c · 2025-08-15T16:45:21.000+01:00
diff --git a/docs/how-to/authenticate.md b/docs/how-to/authenticate.md
@@ -1,4 +1,8 @@
-# Authenticate to BlueAPI
+> [!NOTE]
+> If you are using `oauth2-proxy` to secure the Swagger UI documentation page, you can log out by visiting the `/logout` URL. For this to work correctly, ensure that the blueapi server is configured with 
+> `oidc.logout_redirect_endpoint` set to `/oauth2/sign_out`, which is required for `oauth2-proxy`.
+
+# Authenticate to BlueAPI-Cli
 
 ## Introduction
 BlueAPI provides a secure and efficient way to interact with its services. This guide walks you through the steps to log in and log out using BlueAPI with OpenID Connect (OIDC) authentication.
@@ -63,9 +67,3 @@ To log out and securely remove the cached access token, follow these steps:
    ```
    Logged out
    ```
-
-
-> [!NOTE]
-> The login and logout instructions above apply to the CLI. If you are using `oauth2-proxy` to secure the Swagger
-> UI documentation page, you can log out by visiting the `/logout` URL. For other OIDC providers, update the 
-> `oidc.logout_redirect_endpoint` configuration to the appropriate logout endpoint.
diff --git a/docs/reference/openapi.yaml b/docs/reference/openapi.yaml
@@ -93,10 +93,11 @@ components:
           title: Client Id
           type: string
         logout_redirect_endpoint:
-          default: /oauth2/sign_out
+          anyOf:
+          - type: string
+          - type: 'null'
           description: The oidc endpoint required to logout
           title: Logout Redirect Endpoint
-          type: string
         well_known_url:
           description: URL to fetch OIDC config from the provider
           title: Well Known Url
diff --git a/src/blueapi/config.py b/src/blueapi/config.py
@@ -162,8 +162,8 @@ class OIDCConfig(BlueapiBaseModel):
     )
     client_id: str = Field(description="Client ID")
     client_audience: str = Field(description="Client Audience(s)", default="blueapi")
-    logout_redirect_endpoint: str = Field(
-        description="The oidc endpoint required to logout", default="/oauth2/sign_out"
+    logout_redirect_endpoint: str | None = Field(
+        description="The oidc endpoint required to logout", default=None
     )
 
     @cached_property
diff --git a/src/blueapi/service/main.py b/src/blueapi/service/main.py
@@ -536,11 +536,11 @@ def health_probe() -> HealthProbeResponse:
 
 
 @secure_router.get("/logout", include_in_schema=False)
-def logout(runner: Annotated[WorkerDispatcher, Depends(_runner)]) -> RedirectResponse:
+def logout(runner: Annotated[WorkerDispatcher, Depends(_runner)]) -> Response:
     """Redirect to logout url"""
     config = runner.run(interface.get_oidc_config)
-    if config is None:
-        raise HTTPException(status_code=status.HTTP_204_NO_CONTENT)
+    if config is None or config.logout_redirect_endpoint is None:
+        raise HTTPException(status_code=status.HTTP_205_RESET_CONTENT)
     return RedirectResponse(
         status_code=status.HTTP_308_PERMANENT_REDIRECT,
         url=config.logout_redirect_endpoint,
diff --git a/tests/unit_tests/service/test_rest_api.py b/tests/unit_tests/service/test_rest_api.py
@@ -752,6 +752,7 @@ def test_logout(
     oidc_config: OIDCConfig,
     client_authenticated: TestClient,
 ):
+    oidc_config.logout_redirect_endpoint = "/oauth2/logout"
     mock_runner.run.return_value = oidc_config
     client_authenticated.follow_redirects = False
     response = client_authenticated.get("/logout")
@@ -760,11 +761,22 @@ def test_logout(
         response.headers.get("X-Auth-Request-Redirect")
         == oidc_config.end_session_endpoint
     )
+    assert response.headers.get("location") == oidc_config.logout_redirect_endpoint
 
 
+@pytest.mark.parametrize("has_oidc_config", [True, False])
 def test_logout_when_oidc_config_invalid(
-    mock_runner: Mock, mock_authn_server, client_authenticated: TestClient
+    has_oidc_config: bool,
+    mock_runner: Mock,
+    oidc_config: OIDCConfig,
+    mock_authn_server,
+    client_authenticated: TestClient,
 ):
-    mock_runner.run.return_value = None
+    if has_oidc_config:
+        oidc_config.logout_redirect_endpoint = None
+        mock_runner.run.return_value = oidc_config
+    else:
+        mock_runner.run.return_value = None
+
     response = client_authenticated.get("/logout")
-    assert response.status_code == status.HTTP_204_NO_CONTENT
+    assert response.status_code == status.HTTP_205_RESET_CONTENT

Original file line number	Diff line number	Diff line change
`@@ -162,8 +162,8 @@ class OIDCConfig(BlueapiBaseModel):`
`162`	`162`	`)`
`163`	`163`	`client_id: str = Field(description="Client ID")`
`164`	`164`	`client_audience: str = Field(description="Client Audience(s)", default="blueapi")`
`165`		`- logout_redirect_endpoint: str = Field(`
`166`		`- description="The oidc endpoint required to logout", default="/oauth2/sign_out"`
	`165`	`+ logout_redirect_endpoint: str \| None = Field(`
	`166`	`+ description="The oidc endpoint required to logout", default=None`
`167`	`167`	`)`
`168`	`168`
`169`	`169`	`@cached_property`