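I have a portal protected by Identity Server, using the authorization_code grant type.

    HttpContext.SignInAsync(ClaimsPrincipal)

works fine and redirects the user to the portal with their claims, but

    await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);

does not work: it fails to trigger the endsession endpoint that would redirect the user to the logout action on the identity server.

    public async Task Logout()
    {
        // Signs out of the local cookie scheme only
        await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
    }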
startup.cs

    ConfigureService(IServiceCollection services)
    {
        services.AddAuthentication()
            .AddCookie(cookieOptions =>
            {
                // Temporary provider, built only to resolve the ticket store
                var tempProvider = services.BuildServiceProvider();
                cookieOptions.Cookie.Name = "PortalAuth";
                cookieOptions.Cookie.HttpOnly = true;
                cookieOptions.SessionStore = tempProvider.GetRequiredService<ITicketStore>();
                configureCookieOptions?.Invoke(cookieOptions);
            })
            .AddIdentityServerAuthentication(
                IdentityServerAuthenticationDefaults.AuthenticationScheme,
                idServOptions =>
                {
                    idServOptions.Authority = options.AuthorizationServiceUrl;
                    // Allows discovery metadata over plain HTTP
                    idServOptions.RequireHttpsMetadata = false;
                    idServOptions.ApiName = options.ApplicationName;
                    idServOptions.ApiSecret = options.ApplicationSecret;
                    idServOptions.EnableCaching = true;
                    idServOptions.CacheDuration = TimeSpan.FromMinutes(1);
                    idServOptions.SupportedTokens = SupportedTokens.Reference;
                    configureIdentityServerOptions?.Invoke(idServOptions);
                    idServOptions.Validate();
                });
    }

    // Client registration on the identity server
    var client = new Client
    {
        ...
        RedirectUris = { "http://localhost:12345" },
        PostLogoutRedirectUris = { "http://localhost:12345" },
    };
What am I still missing in the setup to trigger the endsession endpoint? If I need to call end session manually, how do I get the id_token_hint, given that I am using the authorization_code grant type?

    var disco = await DiscoveryClient.GetAsync(Constants.AuthorizationServiceUrl);
    var endSessionUrl = new RequestUrl(disco.EndSessionEndpoint)
        .CreateEndSessionUrl(IdTokenHint:?,State:?);
    return Redirect(endSessionUrl);
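
One way to make the id_token available at logout, shown as an added example that is not part of the original post: keep the id_token in the cookie ticket at sign-in, read it back before the local sign-out, and pass it to the end session endpoint as id_token_hint. The controller name, the `SignInWithIdTokenAsync` helper and the `EndSessionEndpoint` value are assumptions, and the code assumes the portal receives an id_token from the authorization-code exchange.

```csharp
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.WebUtilities;

public class AccountController : Controller
{
    // Assumptions: placeholder for the end_session_endpoint value from the
    // discovery document; the redirect URI is the one registered on the client.
    private const string EndSessionEndpoint = "https://identity.example/connect/endsession";
    private const string PostLogoutRedirectUri = "http://localhost:12345";
    private const string Scheme = CookieAuthenticationDefaults.AuthenticationScheme;

    // Hypothetical helper: use it where the portal calls SignInAsync(ClaimsPrincipal),
    // passing the id_token returned by the authorization-code exchange.
    private Task SignInWithIdTokenAsync(ClaimsPrincipal user, string idToken)
    {
        var props = new AuthenticationProperties();
        props.StoreTokens(new[] { new AuthenticationToken { Name = "id_token", Value = idToken } });
        return HttpContext.SignInAsync(Scheme, user, props);
    }

    public async Task<IActionResult> Logout()
    {
        // Read the token before the local session is destroyed.
        var idToken = await HttpContext.GetTokenAsync(Scheme, "id_token");

        // Clears only the portal's cookie/ticket; the identity server session is untouched.
        await HttpContext.SignOutAsync(Scheme);

        if (string.IsNullOrEmpty(idToken))
        {
            // No hint available: send the user to the end session endpoint without
            // a post-logout redirect, since there is no token to validate it against.
            return Redirect(EndSessionEndpoint);
        }

        var query = new Dictionary<string, string>
        {
            ["id_token_hint"] = idToken,
            ["post_logout_redirect_uri"] = PostLogoutRedirectUri
        };
        return Redirect(QueryHelpers.AddQueryString(EndSessionEndpoint, query));
    }
}
```

With the `SessionStore` configured above, the stored token stays in the server-side ticket rather than in the browser cookie.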