我有一个与 IdentityServer4 集成的 Angular 应用程序，但无法实现注销。我调用的是 signoutRedirect。
我注意到 connect/endSession 被调用了，并且带有 id_token_hint 和 post_logout_redirect_uri。
在调试模式下，AccountController 中的注销方法被调用了，但 User 未通过身份验证。
如果我把同一个 endSession 请求单独运行，或者直接在浏览器中调用，它就能正常工作，并且 cookie 会被删除。
我的服务器配置
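/// <summary>
/// Registers IdentityServer with in-memory resources, APIs and clients, then adds
/// cookie and OpenID Connect authentication, CORS services and the Swagger generator.
/// </summary>
/// <param name="services">The service collection that receives the registrations.</param>
public void ConfigureServices(IServiceCollection services)
{
    // NOTE(review): no signing-credential registration is visible in this method;
    // confirm one is configured, since IdentityServer needs a key to sign tokens.
    services.AddIdentityServer()
        .AddInMemoryIdentityResources(Config.GetIdentityResources())
        .AddInMemoryApiResources(Config.GetApis())
        .AddInMemoryClients(Config.GetClients())
        .AddProfileService<UserProfileService>();

    services.AddAuthentication(options =>
        {
            // NOTE(review): the default scheme here is "Cookies", while the OpenID Connect
            // handler below signs in to IdentityServerConstants.DefaultCookieAuthenticationScheme.
            // If those are different cookies, HttpContext.User in the logout action may be read
            // from one that was never issued - confirm which cookie the login page writes.
            options.DefaultScheme = "Cookies";
            options.DefaultChallengeScheme = "oidc";
        })
        // The call chain must stay unbroken: a ';' after AddCookie leaves the
        // following .AddOpenIdConnect(...) without a receiver and the file does not compile.
        .AddCookie("Cookies")
        .AddOpenIdConnect("oidc", "OpenID Connect", options =>
        {
            options.SignInScheme = IdentityServerConstants.DefaultCookieAuthenticationScheme;
            options.SignOutScheme = IdentityServerConstants.SignoutScheme;

            // Keeps the tokens returned by the external provider in the authentication
            // properties of the sign-in cookie.
            options.SaveTokens = true;
            options.GetClaimsFromUserInfoEndpoint = true;

            // NOTE(review): this makes the host an OpenID Connect client of the public demo
            // server. Confirm that an external provider is intended here; the Angular client
            // is configured against a localhost authority instead.
            options.Authority = "https://demo.identityserver.io/";
            //options.Authority = "https://localhost:5000/";
            options.ClientId = "mvc";

            // Map the short JWT claim names onto the identity's name and role claims.
            options.TokenValidationParameters = new TokenValidationParameters
            {
                NameClaimType = "name",
                RoleClaimType = "role"
            };
        });

    // Registers the CORS services only; no named policy is defined here.
    services.AddCors();

    // Register the Swagger generator, defining 1 or more Swagger documents
    services.AddSwaggerGen(c =>
    {
        c.SwaggerDoc("v1", new Info
        {
            Title = "RegalPay IDP Service",
            Version = "v1",
            Description = "A RegalPay IDP service web API",
            TermsOfService = "None",
            Contact = new Contact
            {
                Name = "Regal Software",
                Email = string.Empty,
                Url = "https://regal-software.com/"
            },
        });

        // Set the comments path for the Swagger JSON and UI.
        var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";
        var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
        c.IncludeXmlComments(xmlPath);
        c.OperationFilter<AddAuthorizationHeader>();
    });
}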
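/// <summary>
/// Builds the HTTP request pipeline: error handling, CORS, HTTPS redirection,
/// Swagger, static files, IdentityServer and MVC.
/// </summary>
/// <param name="app">The application builder the middleware is added to.</param>
/// <param name="env">The hosting environment, used to pick the error-handling branch.</param>
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    else
    {
        app.UseHsts();
    }

    // NOTE(review): any origin, header and method is accepted for every endpoint of this
    // identity provider, which is broader than the single SPA origin listed in the client
    // registration. Narrow this to the known front-end origins before this runs outside
    // development.
    // A second UseCors("AllowAll") is not added: ConfigureServices registers no policy
    // with that name, so the call had nothing to apply.
    app.UseCors(builder =>
        builder.AllowAnyOrigin()
            .AllowAnyHeader()
            .AllowAnyMethod());

    app.UseHttpsRedirection();

    // NOTE(review): the Swagger document and UI are served in every environment, not only
    // in development - confirm the API description of the identity service is meant to be
    // reachable in production.
    // Enable middleware to serve generated Swagger as a JSON endpoint.
    app.UseSwagger();

    // Enable middleware to serve swagger-ui (HTML, JS, CSS, etc.),
    // specifying the Swagger JSON endpoint.
    app.UseSwaggerUI(c =>
    {
        c.SwaggerEndpoint("/swagger/v1/swagger.json", "RegalPay IDP Service");
    });

    app.ConfigureCustomExceptionMiddleware();
    app.UseStaticFiles();

    // Must run before MVC so the protocol endpoints (including end-session) are handled
    // and the authentication middleware it brings in has run by the time a controller executes.
    app.UseIdentityServer();

    // One MVC registration is enough: this one serves attribute-routed controllers as well
    // as the default conventional route, so a preceding bare UseMvc() was redundant.
    app.UseMvcWithDefaultRoute();
}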
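/// <summary>
/// Returns the in-memory client registrations handed to AddInMemoryClients.
/// </summary>
/// <returns>A list holding the single "mvc" client used by the Angular application.</returns>
public static IEnumerable<Client> GetClients()
{
    // The generic arguments are required: there is no non-generic List type, and
    // AddInMemoryClients consumes a sequence of Client.
    return new List<Client>
    {
        new Client
        {
            ClientId = "mvc",
            ClientName = "MVC Client",

            // NOTE(review): the implicit grant returns tokens in the URL fragment of the
            // redirect. For a browser application, authorization code with PKCE
            // (GrantTypes.Code, RequirePkce = true, RequireClientSecret = false) is the
            // flow to prefer; switching also requires response_type "code" on the client.
            AllowedGrantTypes = GrantTypes.Implicit,

            // NOTE(review): a browser application cannot keep a secret, and the Angular
            // settings do not send one. The literal "secret" is a placeholder that must
            // not reach a real deployment.
            ClientSecrets =
            {
                new Secret("secret".Sha256())
            },

            // Plain-http localhost URLs: development only.
            RedirectUris = { "http://localhost:4200/auth-callback" },

            // NOTE(review): after sign-out the browser is sent to the logout page of the
            // public demo server, not to a page of the Angular application - confirm this
            // is intended. The value has to match post_logout_redirect_uri on the client.
            PostLogoutRedirectUris = { "https://demo.identityserver.io/Account/Logout" },
            AllowedCorsOrigins = { "http://localhost:4200" },
            AllowedScopes =
            {
                IdentityServerConstants.StandardScopes.OpenId,
                IdentityServerConstants.StandardScopes.Profile,
                "api1"
            },

            // Lifetimes are in seconds, so every token expires after one minute.
            // AuthorizationCodeLifetime has no effect while only the implicit grant is allowed.
            IdentityTokenLifetime = 60,
            AccessTokenLifetime = 60,
            AuthorizationCodeLifetime = 60,

            // Required for the implicit grant to hand the access token to the browser.
            AllowAccessTokensViaBrowser = true,
        }
    };
}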
and my client configuration is
/**
 * Builds the settings object for the OpenID Connect user manager of the Angular client.
 *
 * The values have to agree with the "mvc" client registered on the server:
 * client_id, redirect_uri, post_logout_redirect_uri and the requested scopes.
 */
export function getClientSettings(): UserManagerSettings {
  const settings: UserManagerSettings = {
    // NOTE(review): plain http on port 50000, whereas the server snippet's commented-out
    // authority is https://localhost:5000/ - confirm which address the identity server
    // listens on; tokens should not travel over http outside local development.
    authority: "http://localhost:50000",

    // Alternatives tried earlier: client_id 'angular_spa', client_secret 'secret'.
    client_id: "mvc",
    redirect_uri: "http://localhost:4200/auth-callback",

    // Earlier attempts pointed this at 'http://localhost:4200/auth-callback' and
    // 'http://localhost:4200/home/'. The value must be one of the client's registered
    // PostLogoutRedirectUris on the server.
    post_logout_redirect_uri: "https://demo.identityserver.io/Account/Logout",

    // Implicit flow: identity token and access token are both returned from the
    // authorize endpoint ("token id_token" was the other order tried).
    response_type: "id_token token",
    scope: "openid profile api1",
    filterProtocolClaims: true,
    loadUserInfo: true,

    // Not enabled: automaticSilentRenew: true,
    // silent_redirect_uri: 'http://localhost:4200/silent-refresh.html'
  };

  return settings;
}