我在注销时遇到问题。首先，我想描述一下我的设置。
当我从 client1 注销时，它不会触发 client2 中的注销：Client2 的会话仍处于活动状态。
IDP配置:
// IdP-side registration of the two relying parties. Both use the hybrid flow
// ("code id_token" on the client side) plus client credentials, and both declare
// a FrontChannelLogoutUri, which is how the IdP notifies a client when another
// client ends the shared session. The enclosing collection initializer is not shown.
new Client
{
// Consumed by the OWIN (Katana) client below.
ClientId = "MVC App",
ClientName = "Asp.Net MVC Client",
AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
ClientSecrets =
{
// Development-only value; the same literal is hard-coded on both clients.
new Secret("secret".Sha256())
},
RedirectUris = { "http://localhost:40020/signin-oidc" },
PostLogoutRedirectUris = { "http://localhost:40020/signout-callback-oidc" },
// The IdP loads this URI during sign-out; the endpoint behind it must itself
// clear this client's cookie. NOTE(review): /account/logout is a custom action
// here, not the middleware's sign-out path — confirm it handles front-channel
// requests (the client's own logout shown below only clears "Cookies").
FrontChannelLogoutUri = "http://localhost:40020/account/logout",
UpdateAccessTokenClaimsOnRefresh = true,
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.OfflineAccess,
"api1"
},
RequireConsent = false,
// Required for the "offline_access" scope both clients request.
AllowOfflineAccess = true,
}, new Client
{
// Consumed by the ASP.NET Core client below.
ClientId = "Asp.Net Core App",
ClientName = "Asp.Net Core MVC Client",
AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
ClientSecrets =
{
new Secret("secret".Sha256())
},
RedirectUris = { "http://localhost:50020/signin-oidc" },
PostLogoutRedirectUris = { "http://localhost:50020/signout-callback-oidc" },
// Same caveat as above: this is a custom action on the ASP.NET Core client,
// not the handler's default remote sign-out path — confirm it clears the cookie.
FrontChannelLogoutUri = "http://localhost:50020/account/logout",
UpdateAccessTokenClaimsOnRefresh = true,
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.OfflineAccess,
"api1"
},
RequireConsent = false,
AllowOfflineAccess = true,
}
客户端1:
// Client 1 (ASP.NET Core): the local cookie is the default scheme, and an
// unauthenticated request is challenged through the "oidc" handler.
services.AddAuthentication(auth =>
{
    auth.DefaultScheme = "Cookies";
    auth.DefaultChallengeScheme = "oidc";
}).AddOpenIdConnect("oidc", oidc =>
{
    // Persist the identity returned by the IdP into the local cookie.
    oidc.SignInScheme = "Cookies";

    // Registered at the IdP as "Asp.Net Core App" (hybrid flow).
    oidc.ClientId = "Asp.Net Core App";
    oidc.ClientSecret = "secret";
    oidc.ResponseType = "code id_token";

    // Plain-http IdP; discovery over http is only accepted because
    // RequireHttpsMetadata is switched off (development setting).
    // NOTE(review): the OWIN client points at localhost:53796 — confirm both
    // clients are meant to talk to the same IdP instance.
    oidc.Authority = "http://localhost:50000";
    oidc.RequireHttpsMetadata = false;

    // Scopes beyond the defaults; offline_access matches AllowOfflineAccess at the IdP.
    oidc.Scope.Add("api1");
    oidc.Scope.Add("offline_access");

    oidc.ClaimActions.MapJsonKey("website", "website");
});
Client2:
// Client 2 (OWIN/Katana): OIDC middleware for the "MVC App" registration.
// The closing of the options initializer and the method call are not shown.
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
ClientId = "MVC App",
ClientSecret = "secret",
// NOTE(review): this differs from the ASP.NET Core client's Authority
// (localhost:50000). If these are two separate IdP instances, neither knows
// about the other's session and single sign-out cannot propagate — confirm.
Authority = "http://localhost:53796",
RedirectUri = "http://localhost:40020/signin-oidc",
PostLogoutRedirectUri = "http://localhost:40020/signout-callback-oidc",
// Hybrid flow: the code is exchanged manually in AuthorizationCodeReceived below.
ResponseType = "code id_token",
Scope = "openid profile api1 offline_access",
Resource = "api1",
// NOTE(review): left disabled while Authority is plain http — confirm discovery
// actually succeeds with this middleware version.
//RequireHttpsMetadata = false,
UseTokenLifetime = false,
SignInAsAuthenticationType = "Cookies",
Notifications = new OpenIdConnectAuthenticationNotifications
{
// Exchanges the authorization code for tokens, fetches user info, and rebuilds
// the identity so that the tokens travel in the cookie as claims.
AuthorizationCodeReceived = async n =>
{
// `options` here is an outer configuration object (not this initializer);
// assumes options.IdentityUrl ends with "/" — TODO confirm.
var tokenClient = new TokenClient(
options.IdentityUrl + "connect/token",
options.ClientId,
options.ClientSecret
);
var tokenResponse = await tokenClient.RequestAuthorizationCodeAsync(n.Code, n.RedirectUri);
if (tokenResponse.IsError)
{
throw new AuthenticationException(tokenResponse.Error);
}
var userInfoClient = new UserInfoClient(options.IdentityUrl + "connect/userinfo");
var userInfoResponse = await userInfoClient.GetAsync(tokenResponse.AccessToken);
var id = new ClaimsIdentity(n.AuthenticationTicket.Identity.AuthenticationType);
id.AddClaims(userInfoResponse.Claims);
// Access and refresh tokens end up inside the session cookie; the cookie
// therefore carries bearer credentials and relies on the cookie middleware's
// protection of its payload.
id.AddClaim(new Claim("access_token", tokenResponse.AccessToken));
// Local wall-clock time (ToLocalTime is a no-op on a Local-kind value),
// formatted culture-invariantly. DateTime.UtcNow would avoid DST/zone ambiguity.
id.AddClaim(new Claim("expires_at", DateTime.Now.AddSeconds(tokenResponse.ExpiresIn).ToLocalTime().ToString(CultureInfo.InvariantCulture)));
id.AddClaim(new Claim("refresh_token", tokenResponse.RefreshToken));
// Kept so it can be sent as id_token_hint on logout (see RedirectToIdentityProvider).
id.AddClaim(new Claim("id_token", n.ProtocolMessage.IdToken));
// NOTE(review): FindFirst("sid") returns null if the id_token has no session id
// claim, which would throw here — confirm the IdP always issues "sid".
id.AddClaim(new Claim("sid", n.AuthenticationTicket.Identity.FindFirst("sid").Value));
n.AuthenticationTicket = new AuthenticationTicket(
new ClaimsIdentity(id.Claims, n.AuthenticationTicket.Identity.AuthenticationType, JwtClaimTypes.Name, JwtClaimTypes.Role),
n.AuthenticationTicket.Properties
);
},
// On an outgoing logout request, attach the stored id_token as id_token_hint.
// This only runs when sign-out includes the OIDC authentication type; the
// client-2 logout shown below signs out "Cookies" only, so this branch is
// presumably never reached from that code path — verify.
RedirectToIdentityProvider = n =>
{
if (n.ProtocolMessage.RequestType != OpenIdConnectRequestType.LogoutRequest)
{
return Task.FromResult(0);
}
var idTokenHint = n.OwinContext.Authentication.User.FindFirst("id_token");
if (idTokenHint != null)
{
n.ProtocolMessage.IdTokenHint = idTokenHint.Value;
}
return Task.FromResult(0);
}
}
Client1注销:
// Client 1 logout: clears the local cookie AND signs out of the "oidc" scheme,
// which sends the browser to the IdP's end-session endpoint so the IdP can
// notify the other clients. (Fragment; the surrounding action is not shown.)
SignOutResult(new[] { "Cookies", "oidc" });
Client2注销:
// Client 2 logout: only the local "Cookies" session is cleared. Unlike client 1,
// no OIDC authentication type is included, so the IdP is never contacted and the
// IdP session plus any other client's session stay active — confirm this is intended.
Request.GetOwinContext().Authentication.SignOut("Cookies");