owin MVC客户端是否有任何可用的后通道注销帮助。我正在尝试为所有客户实施单一注销。我目前能够在单个客户端注销时在BackChannelLogoutUri的帮助下实现每个客户端的SignOutCleanup函数,但是由于sid为null,因此很难删除其他客户端cookie。其他客户端因其cookie持续存在而保持登录状态。
以下是在客户端控制器中实现的代码:
public ActionResult LogOut()
{
Request.GetOwinContext().Authentication.SignOut();
return Redirect("/");
}
public void SignoutCleanup(string sid)
{
var cp = (ClaimsPrincipal)User;
var sidClaim = cp.FindFirst("sid");
if (sidClaim != null && sidClaim.Value == sid)
{
Request.GetOwinContext().Authentication.SignOut("Cookies");
}
}
但是sid返回null。
Ids4中的客户端配置:
new Client
{
ClientId = "MvcApp4",
AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
ClientSecrets =
{
new Secret("Mvc-Secret4".Sha256())
},
// where to redirect to after login
RedirectUris = { "http://localhost:55718/signin-oidc" },
// where to redirect to after logout
PostLogoutRedirectUris = { "http://localhost:55718/" },
AllowedScopes = new List<string>
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
"API"
},
AllowOfflineAccess = true,
BackChannelLogoutSessionRequired = true,
BackChannelLogoutUri = "http://localhost:55718/Home/SignoutCleanup/"
}