Use login URL to clear site data

oidc/viewsets.py

@@ -114,7 +114,10 @@ def _get_client(self, auth_server: str) -> Optional[OpenIDClient]:
     def login(self, request: HttpRequest, **kwargs: dict) -> HttpResponse:
         client = self._get_client(auth_server=kwargs.get("auth_server"))
         if client:
-            return client.login(redirect_after=request.query_params.get("next"))
+            response = client.login(redirect_after=request.query_params.get("next"))
+            # Add Clear-Site-Data headers
+            response["Clear-Site-Data"] = '"cache", "cookies"'
+            return response
         return HttpResponseBadRequest(
             _("Unable to process OpenID connect login request."),
         )

tests/test_viewsets.py

@@ -11,7 +11,7 @@
 from mock import MagicMock, patch
 from rest_framework.test import APIRequestFactory
 
-from oidc.viewsets import UserModelOpenIDConnectViewset
+from oidc.viewsets import UserModelOpenIDConnectViewset, BaseOpenIDConnectViewset
 
 User = get_user_model()
 
@@ -592,6 +592,15 @@ def test_auth_code_flow(self, mock_retrieve_auth_code):
         self.assertEqual(response.status_code, 302)
         self.assertEqual(response.url, "http://localhost:3000")
 
+    @override_settings(OPENID_CONNECT_AUTH_SERVERS=OPENID_CONNECT_AUTH_SERVERS)
+    @override_settings(OPENID_CONNECT_VIEWSET_CONFIG=OPENID_CONNECT_VIEWSET_CONFIG)
+    def test_base_open_id_connect_viewset(self):
+        viewset_class = BaseOpenIDConnectViewset
+        view = viewset_class.as_view({"get": "login"})
+        request = self.factory.get("/")
+        response = view(request, auth_server="default")
+        self.assertEqual(response.headers["Clear-Site-Data"], '"cache", "cookies"')
+
     @patch(
         "oidc.viewsets.OpenIDClient.verify_and_decode_id_token",
         MagicMock(