Fork Sync Branch 17.0

README.md

@@ -31,7 +31,7 @@ addon | version | maintainers | summary
 [auth_ldaps](auth_ldaps/) | 17.0.1.0.0 |  | Allows to use LDAP over SSL authentication
 [auth_oauth_autologin](auth_oauth_autologin/) | 17.0.1.0.0 | <a href='https://github.com/sbidoul'><img src='https://github.com/sbidoul.png' width='32' height='32' style='border-radius:50%;' alt='sbidoul'/></a> | Automatically redirect to the OAuth provider for login
 [auth_oauth_multi_token](auth_oauth_multi_token/) | 17.0.1.1.1 |  | Allow multiple connection with the same OAuth account
-[auth_oidc](auth_oidc/) | 17.0.1.1.0 | <a href='https://github.com/sbidoul'><img src='https://github.com/sbidoul.png' width='32' height='32' style='border-radius:50%;' alt='sbidoul'/></a> | Allow users to login through OpenID Connect Provider
+[auth_oidc](auth_oidc/) | 17.0.1.2.0 | <a href='https://github.com/sbidoul'><img src='https://github.com/sbidoul.png' width='32' height='32' style='border-radius:50%;' alt='sbidoul'/></a> | Allow users to login through OpenID Connect Provider
 [auth_saml](auth_saml/) | 17.0.1.0.3 | <a href='https://github.com/vincent-hatakeyama'><img src='https://github.com/vincent-hatakeyama.png' width='32' height='32' style='border-radius:50%;' alt='vincent-hatakeyama'/></a> | SAML2 Authentication
 [auth_session_timeout](auth_session_timeout/) | 17.0.1.0.1 |  | This module disable all inactive sessions since a given delay
 [auth_signup_verify_email](auth_signup_verify_email/) | 17.0.1.0.0 |  | Force uninvited users to use a good email for signup

auth_oidc/README.rst

@@ -1,3 +1,7 @@
+.. image:: https://odoo-community.org/readme-banner-image
+   :target: https://odoo-community.org/get-involved?utm_source=readme
+   :alt: Odoo Community Association
+
 =============================
 Authentication OpenID Connect
 =============================
@@ -7,13 +11,13 @@ Authentication OpenID Connect
    !! This file is generated by oca-gen-addon-readme !!
    !! changes will be overwritten.                   !!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-   !! source digest: sha256:3096227b4ab79c036812a7fefcac69f61356e55ece061ec82bd3b51c54fce263
+   !! source digest: sha256:9fb171c24622a7ada2230b91cec8ce45289545f3124d9e18492e260023d6410f
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 
 .. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
     :target: https://odoo-community.org/page/development-status
     :alt: Beta
-.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png
+.. |badge2| image:: https://img.shields.io/badge/license-AGPL--3-blue.png
     :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
     :alt: License: AGPL-3
 .. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github
@@ -75,23 +79,23 @@ Single tenant provider limits the access to user of your tenant, while
 Multitenants allow access for all AzureAD users, so user of foreign
 companies can use their AzureAD login without an guest account.
 
--  Provider Name: Azure AD Single Tenant
--  Client ID: Application (client) id
--  Client Secret: Client secret
--  Allowed: yes
+- Provider Name: Azure AD Single Tenant
+- Client ID: Application (client) id
+- Client Secret: Client secret
+- Allowed: yes
 
 or
 
--  Provider Name: Azure AD Multitenant
--  Client ID: Application (client) id
--  Client Secret: Client secret
--  Allowed: yes
--  replace {tenant_id} in urls with your Azure tenant id
+- Provider Name: Azure AD Multitenant
+- Client ID: Application (client) id
+- Client Secret: Client secret
+- Allowed: yes
+- replace {tenant_id} in urls with your Azure tenant id
 
 |image2|
 
--  Auth Link Params: Add {'prompt':'select_account'} to the auth link to
-   get the account selection screen |image3|
+- Auth Link Params: Add {'prompt':'select_account'} to the auth link to
+  get the account selection screen |image3|
 
 Setup for Keycloak
 ------------------
@@ -109,22 +113,22 @@ In Keycloak:
 
 In Odoo, create a new Oauth Provider with the following parameters:
 
--  Provider name: Keycloak (or any name you like that identify your
-   keycloak provider)
--  Auth Flow: OpenID Connect (authorization code flow)
--  Client ID: the same Client ID you entered when configuring the client
-   in Keycloak
--  Client Secret: found in keycloak on the client Credentials tab
--  Allowed: yes
--  Body: the link text to appear on the login page, such as Login with
-   Keycloak
--  Scope: openid email
--  Authentication URL: The "authorization_endpoint" URL found in the
-   OpenID Endpoint Configuration of your Keycloak realm
--  Token URL: The "token_endpoint" URL found in the OpenID Endpoint
-   Configuration of your Keycloak realm
--  JWKS URL: The "jwks_uri" URL found in the OpenID Endpoint
-   Configuration of your Keycloak realm
+- Provider name: Keycloak (or any name you like that identify your
+  keycloak provider)
+- Auth Flow: OpenID Connect (authorization code flow)
+- Client ID: the same Client ID you entered when configuring the client
+  in Keycloak
+- Client Secret: found in keycloak on the client Credentials tab
+- Allowed: yes
+- Body: the link text to appear on the login page, such as Login with
+  Keycloak
+- Scope: openid email
+- Authentication URL: The "authorization_endpoint" URL found in the
+  OpenID Endpoint Configuration of your Keycloak realm
+- Token URL: The "token_endpoint" URL found in the OpenID Endpoint
+  Configuration of your Keycloak realm
+- JWKS URL: The "jwks_uri" URL found in the OpenID Endpoint
+  Configuration of your Keycloak realm
 
 .. |image| image:: https://raw.githubusercontent.com/OCA/server-auth/17.0/auth_oidc/static/description/oauth-microsoft_azure-api_permissions.png
 .. |image1| image:: https://raw.githubusercontent.com/OCA/server-auth/17.0/auth_oidc/static/description/oauth-microsoft_azure-optional_claims.png
@@ -139,58 +143,58 @@ On the login page, click on the authentication provider you configured.
 Known issues / Roadmap
 ======================
 
--  When going to the login screen, check for a existing token and do a
-   direct login without the clicking on the SSO link
--  When doing a logout an extra option to also logout at the SSO
-   provider.
+- When going to the login screen, check for a existing token and do a
+  direct login without the clicking on the SSO link
+- When doing a logout an extra option to also logout at the SSO
+  provider.
 
 Changelog
 =========
 
 17.0.1.0.0 2024-03-20
 ---------------------
 
--  Odoo 17 migration
+- Odoo 17 migration
 
 16.0.1.1.0 2024-02-28
 ---------------------
 
--  Forward port OpenID Connect fixes from 15.0 to 16.0
+- Forward port OpenID Connect fixes from 15.0 to 16.0
 
 16.0.1.0.2 2023-11-16
 ---------------------
 
--  Readme link updates
+- Readme link updates
 
 16.0.1.0.1 2023-10-09
 ---------------------
 
--  Add AzureAD code flow provider
+- Add AzureAD code flow provider
 
 16.0.1.0.0 2023-01-27
 ---------------------
 
--  Odoo 16 migration
+- Odoo 16 migration
 
 15.0.1.0.0 2023-01-06
 ---------------------
 
--  Odoo 15 migration
+- Odoo 15 migration
 
 14.0.1.0.0 2021-12-10
 ---------------------
 
--  Odoo 14 migration
+- Odoo 14 migration
 
 13.0.1.0.0 2020-04-10
 ---------------------
 
--  Odoo 13 migration, add authorization code flow.
+- Odoo 13 migration, add authorization code flow.
 
 10.0.1.0.0 2018-10-05
 ---------------------
 
--  Initial implementation
+- Initial implementation
 
 Bug Tracker
 ===========
@@ -215,10 +219,10 @@ Authors
 Contributors
 ------------
 
--  Alexandre Fayolle <alexandre.fayolle@camptocamp.com>
--  Stéphane Bidoul <stephane.bidoul@acsone.eu>
--  David Jaen <david.jaen.revert@gmail.com>
--  Andreas Perhab <andreas.perhab@wt-io-it.at>
+- Alexandre Fayolle <alexandre.fayolle@camptocamp.com>
+- Stéphane Bidoul <stephane.bidoul@acsone.eu>
+- David Jaen <david.jaen.revert@gmail.com>
+- Andreas Perhab <andreas.perhab@wt-io-it.at>
 
 Maintainers
 -----------

auth_oidc/__manifest__.py

@@ -4,7 +4,7 @@
 
 {
     "name": "Authentication OpenID Connect",
-    "version": "17.0.1.1.0",
+    "version": "17.0.1.2.0",
     "license": "AGPL-3",
     "author": (
         "ICTSTUDIO, André Schenkels, "

auth_oidc/i18n/auth_oidc.pot

@@ -40,6 +40,11 @@ msgstr ""
 msgid "Code Verifier"
 msgstr ""
 
+#. module: auth_oidc
+#: model:ir.model.fields,field_description:auth_oidc.field_auth_oauth_provider__end_session_endpoint
+msgid "End Session URL"
+msgstr ""
+
 #. module: auth_oidc
 #: model:ir.model.fields,field_description:auth_oidc.field_auth_oauth_provider__jwks_uri
 msgid "JWKS URL"

auth_oidc/i18n/es.po

@@ -43,6 +43,11 @@ msgstr "Secreto del cliente"
 msgid "Code Verifier"
 msgstr "Verificador del código"
 
+#. module: auth_oidc
+#: model:ir.model.fields,field_description:auth_oidc.field_auth_oauth_provider__end_session_endpoint
+msgid "End Session URL"
+msgstr ""
+
 #. module: auth_oidc
 #: model:ir.model.fields,field_description:auth_oidc.field_auth_oauth_provider__jwks_uri
 msgid "JWKS URL"

auth_oidc/i18n/it.po

@@ -6,15 +6,15 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Odoo Server 16.0\n"
 "Report-Msgid-Bugs-To: \n"
-"PO-Revision-Date: 2024-10-23 09:06+0000\n"
+"PO-Revision-Date: 2025-11-03 09:42+0000\n"
 "Last-Translator: mymage <stefano.consolaro@mymage.it>\n"
 "Language-Team: none\n"
 "Language: it\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: \n"
 "Plural-Forms: nplurals=2; plural=n != 1;\n"
-"X-Generator: Weblate 5.6.2\n"
+"X-Generator: Weblate 5.10.4\n"
 
 #. module: auth_oidc
 #: model:ir.model.fields,help:auth_oidc.field_auth_oauth_provider__auth_link_params
@@ -45,6 +45,11 @@ msgstr "Chiave segreta client"
 msgid "Code Verifier"
 msgstr "Verificatore codice"
 
+#. module: auth_oidc
+#: model:ir.model.fields,field_description:auth_oidc.field_auth_oauth_provider__end_session_endpoint
+msgid "End Session URL"
+msgstr "URL fine sessione"
+
 #. module: auth_oidc
 #: model:ir.model.fields,field_description:auth_oidc.field_auth_oauth_provider__jwks_uri
 msgid "JWKS URL"

auth_oidc/i18n/zh_CN.po

@@ -43,6 +43,11 @@ msgstr "客户端密钥"
 msgid "Code Verifier"
 msgstr "代码验证器"
 
+#. module: auth_oidc
+#: model:ir.model.fields,field_description:auth_oidc.field_auth_oauth_provider__end_session_endpoint
+msgid "End Session URL"
+msgstr ""
+
 #. module: auth_oidc
 #: model:ir.model.fields,field_description:auth_oidc.field_auth_oauth_provider__jwks_uri
 msgid "JWKS URL"

auth_oidc/models/auth_oauth_provider.py

@@ -50,6 +50,7 @@ class AuthOauthProvider(models.Model):
         help="Additional parameters for the auth link. "
         "For example: {'prompt':'select_account'}"
     )
+    end_session_endpoint = fields.Char(string="End Session URL")
 
     @tools.ormcache("self.jwks_uri", "kid")
     def _get_keys(self, kid):