CZ-NIC · rohe · Dec 5, 2019 · Dec 5, 2019 · Dec 5, 2019 · tpazderka
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,8 +9,10 @@ The format is based on the [KeepAChangeLog] project.
 
 ### Added
 - [#719] Add support for JWT registration tokens
+- [#725] Accepting 501 and 504 responses on backchannel logout request
 
 [#719]: https://github.com/OpenIDC/pyoidc/pull/719
+[#725]: https://github.com/OpenIDC/pyoidc/pull/725
 
 ## 1.1.2 [2019-11-23]
 

diff --git a/src/oic/oic/provider.py b/src/oic/oic/provider.py
@@ -2298,6 +2298,11 @@ def do_verified_logout(
 
                 if res.status_code < 300:
                     logger.info("Logged out from {}".format(_cid))
+                elif res.status_code in [501, 504]:
+                    logger.info(
+                        "Received a %s error, which is OK according to the spec",
+                        res.status_code,
+                    )
                 else:
                     _errstr = "failed to logout from {}".format(_cid)
                     if self.events:

diff --git a/tests/test_oic_provider_logout.py b/tests/test_oic_provider_logout.py
@@ -1085,3 +1085,53 @@ def test_logout_from_clients_one_without_logout_info(self):
         assert set(res.keys()) == {"back_channel", "front_channel"}
         assert set(res["back_channel"].keys()) == {"number5"}
         assert set(res["front_channel"].keys()) == {"number5"}
+
+    def test_do_bc_logout_501_response(self):
+        self._code_auth()
+
+        # client0
+        self.provider.cdb["number5"][
+            "backchannel_logout_uri"
+        ] = "https://example.com/bc_logout"
+        self.provider.cdb["number5"]["client_id"] = "number5"
+
+        try:
+            del self.provider.cdb["number5"]["frontchannel_logout_uri"]
+        except KeyError:
+            pass
+
+        # Get a session ID, anyone will do.
+        # I know the session backend DB is a DictSessionBackend so I can use that
+        _sid = list(self.provider.sdb._db.storage.keys())[0]
+
+        with responses.RequestsMock() as rsps:
+            rsps.add(rsps.POST, "https://example.com/bc_logout", status=501)
+            res = self.provider.do_verified_logout(_sid, "number5", alla=True)
+
+        # Accepted the 501
+        assert set(res.keys()) == {"cookie"}
+
+    def test_do_bc_logout_504_response(self):
+        self._code_auth()
+
+        # client0
+        self.provider.cdb["number5"][
+            "backchannel_logout_uri"
+        ] = "https://example.com/bc_logout"
+        self.provider.cdb["number5"]["client_id"] = "number5"
+
+        try:
+            del self.provider.cdb["number5"]["frontchannel_logout_uri"]
+        except KeyError:
+            pass
+
+        # Get a session ID, anyone will do.
+        # I know the session backend DB is a DictSessionBackend so I can use that
+        _sid = list(self.provider.sdb._db.storage.keys())[0]
+
+        with responses.RequestsMock() as rsps:
+            rsps.add(rsps.POST, "https://example.com/bc_logout", status=504)
+            res = self.provider.do_verified_logout(_sid, "number5", alla=True)
+
+        # Accepted the 504
+        assert set(res.keys()) == {"cookie"}