Identity Server 4 Post Logout URL Null
I'm having some issues trying to figure out how to get the post logout URL working in my ASP.NET Core MVC application. I have been following examples from the Identity Server documentation and other posts, though I'm not quite sure where I'm going wrong. The user is successfully logged out of the application, then redirected to Identity Server and logged out there, but I notice that the id_token parameter is not being passed to Identity Server, so even though the post logout parameter is present, it's not being used.
My middleware config looks correct, I feel it's an issue with how I'm creating the application cookie and the token is not really being saved anywhere where it can be re-used.
I'm currently only using the "code" response type, but this does seem to also include an identity token along with the authorization token.
Startup.cs:
services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = "oidc";
})
.AddJwtBearer("Bearer", options =>
{
options.Authority = Configuration["IdentityServerSettings:AuthorityUrl"];
options.RequireHttpsMetadata = false;
options.Audience = Configuration["IdentityServerSettings:Audience"];
})
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
.AddOpenIdConnect("oidc", options =>
{
options.Authority = Configuration["IdentityServerSettings:AuthorityUrl"];
options.ClientId = "myClient";
options.RequireHttpsMetadata = false;
options.SaveTokens = true;
options.SignedOutRedirectUri = "http://localhost:55690/account/logoutcallback";
options.SignedOutCallbackPath = "/account/logoutcallback";
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
});
AccountController.cs
Logout methods:
public async Task<IActionResult> Logout()
{
return new SignOutResult(new[] { CookieAuthenticationDefaults.AuthenticationScheme, "oidc" });
}
public async Task<IActionResult> LogoutCallback()
{
return RedirectToAction(nameof(Dashboard), "Account");
}
Login callback:
if (!Request.Query.ContainsKey("code"))
throw new Exception($"Request query string does not contain an authorization code. Query string: {Request.QueryString.Value}");
var authCode = Request.Query["code"].ToString();
TokenResponse tokenResponse = null;
using (var httpClient = new HttpClient())
{
tokenResponse = await httpClient.RequestAuthorizationCodeTokenAsync(new AuthorizationCodeTokenRequest
{
Address = _configuration["IdentityServerDashboardSettings:TokenUrl"],
ClientId = _configuration["IdentityServerDashboardSettings:ClientId"],
RedirectUri = _configuration["IdentityServerDashboardSettings:RedirectUrl"],
Code = authCode
});
}
var handler = new JwtSecurityTokenHandler();
var jwtToken = handler.ReadToken(tokenResponse.AccessToken) as JwtSecurityToken;
var identity = new ClaimsIdentity(jwtToken.Claims, CookieAuthenticationDefaults.AuthenticationScheme);
identity.AddClaim(new Claim("id_token", tokenResponse.IdentityToken));
var claimsPrinciple = new ClaimsPrincipal();
claimsPrinciple.AddIdentity(identity);
await HttpContext.SignInAsync(claimsPrinciple);
return RedirectToAction(nameof(Dashboard), "Account");
Everything else works fine, SignOutResult successfully constructs the logout URL and redirects to Identity Server, but it's missing the id_token in the parameters. I can't really find any examples on how I'm supposed to store this for later use, a lot of examples I've came across seem to just work automatically. Is there something I've configured wrong?
To redirect back to MVC client, make following changes:
- Change
PostLogoutRedirectUrison Client's config within IdentityServer to be like this:
PostLogoutRedirectUris = { "http://localhost:55690/signout-callback-oidc"
- On MVC client's OpenId connect setup remove
SignedOutRedirectUriandSignedOutCallbackPath
The default value for AccountOptions - AutomaticRedirectAfterSignOut is false and you may see a page like image bellow, asking to click on here to get back to mvc client:
for automatic redirect you can set AccountOptions - AutomaticRedirectAfterSignOut to true on IdentityServer project.
Here is a sample I did myself.
- The specified cast from a materialized 'System.Int32' type to the 'System.Double' type is not valid
- Bin and Obj Folder - Team Foundation Server Issues
- Configuration Error related to targetFramework in web.config
- Setting a "Content-Disposition" HTTP Header in Web API
- Populating dropdown with data entered by other users
- How do I protect a file from direct download?
- ASP.NET mvc auth or session expires quicker than set
- How do I prevent an end user from modifying an object by its primary key via an overposting attack in C#/.NET?
- What problems will I face if I force the use of keywords like "public" and "private" in ASP.NET MVC Area names?
- How to detect if ASP.NET site is running locally, in azure web role, or azure web site?
- Get URL to website from within Application_Start?
- How to get the Silverlight XAP copied to the clientbin on build
- WebAPI ModelBinder Error
- Circular referencing with three .NET class libraries
- Entity Framework Migration - Alter Table Statement Conflicted with Foreign Key Constraint
- ASP.NET MVC changes route elements, want them back as original route, not params
- How to get website ranking by query in google
- Return content is "blank" when deployed on production
- Looking for a very simple Cache example
- How do you share scripts among multiple projects in one solution?
- ASP.NET page content in database vs file performance?
- How can I automatically compress and minimize JavaScript files in an ASP.NET MVC app?
- How do I add multiple values in EnumMember attribute?
- ASP .NET MVC: How to create a Javascript file that contains the functions?
- Power BI iframe Stealing page focus
- 500 - Internal server error after publish on server
- increment in asp.net mvc razor view
- VS 2022 - How to prevent creating .gz files on publish
- ASP.NET MVC: Register action filter without modifying controller
- Cannot resolve scoped service from root provider - solution to error?