asp.net asp.net-mvc openid-connect owin-middleware

How to pass a custom authentication property to the OpenID Connect middleware during signout?


I want to pass a URL parameter to the endsession endpoint of my IdP.

This is how I am trying to do this:

In my client application's signout action I have:

var authprops = new AuthenticationProperties { RedirectUri = postSignoutReturnUrl };
authprops.Dictionary["custom"] = "custom";
HttpContext.GetOwinContext().Authentication.SignOut(authprops,
    OpenIdConnectAuthenticationDefaults.AuthenticationType,
    CookieAuthenticationDefaults.AuthenticationType);

In my OpenID Connect middleware I have:

new OpenIdConnectAuthenticationNotifications
{
    RedirectToIdentityProvider = n =>
    {
        ....

        if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.Logout)
        {
            // the state is null during signout !!!
            if (n.ProtocolMessage.State != null)
            {
                var protectedState = n.ProtocolMessage.State.Split('=')[1];
                var state = n.Options.StateDataFormat.Unprotect(protectedState);

                if (state.Dictionary.TryGetValue("custom", out string customParam))
                    n.ProtocolMessage.SetParameter("custom", customParam);
            }
        }

        return Task.CompletedTask;
    },

Any suggestion on how to do this the right way?


Solution

  • After you call owinContext.SignOut(authenticationProperties, ...), the authenticationProperties become accessible through owinContext.Authentication.AuthenticationResponseRevoke.Properties.

    Similarly, you can access the authenticationProperties for:

    The IOwinContext can be found in the RedirectToIdentityProviderNotification.OwinContext (it's part of the Microsoft.Owin.Security.Provider.BaseContext).
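
The approach from the answer above, written out as an added example (not code from the question or the answer): the logout redirect reads the properties from AuthenticationResponseRevoke instead of the state parameter. The class name SignOutNotifications and the AllowedValues allow-list are assumptions made for illustration, as is the use of the Katana 4.x namespaces that match the OpenIdConnectRequestType.Logout name used in the question.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols.OpenIdConnect; // assumption: Katana 4.x namespaces
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Notifications;
using Microsoft.Owin.Security.OpenIdConnect;

// Hypothetical helper class; assign Create() to OpenIdConnectAuthenticationOptions.Notifications.
public static class SignOutNotifications
{
    // Key the sign-out action writes into AuthenticationProperties.Dictionary (from the question).
    private const string CustomKey = "custom";

    // Assumption: only these values may be forwarded to the IdP's end-session endpoint.
    private static readonly HashSet<string> AllowedValues =
        new HashSet<string>(StringComparer.Ordinal) { "custom" };

    public static OpenIdConnectAuthenticationNotifications Create()
    {
        return new OpenIdConnectAuthenticationNotifications
        {
            RedirectToIdentityProvider = OnRedirectToIdentityProvider
        };
    }

    private static Task OnRedirectToIdentityProvider(
        RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> n)
    {
        // Sign-in challenges pass through untouched.
        if (n.ProtocolMessage.RequestType != OpenIdConnectRequestType.Logout)
            return Task.CompletedTask;

        // Set by Authentication.SignOut(properties, ...) earlier in the same request.
        AuthenticationResponseRevoke revoke = n.OwinContext.Authentication.AuthenticationResponseRevoke;
        AuthenticationProperties props = revoke == null ? null : revoke.Properties;
        if (props == null)
            return Task.CompletedTask;

        // Forward the value only if it is present and on the allow-list, so a value
        // derived from user input cannot be relayed verbatim in the logout URL.
        string value;
        if (props.Dictionary.TryGetValue(CustomKey, out value) && AllowedValues.Contains(value))
            n.ProtocolMessage.SetParameter(CustomKey, value);

        return Task.CompletedTask;
    }
}
```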