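I want to log a user out of IdentityServer 4 and all clients. I know I can simply log out using the logout button in the UI, but I need to log the user out from the server side (through an API call from another application).
One of my clients needs to have an anonymous API with one method (LogoutUserGlobal) and a simple parameter, userId. My MVC client will store the accessToken for the user, and the API method will call the "/connect/endsession" IdentityServer4 endpoint with the user's token. But the session is still alive, and the user is still signed in to IdentityServer and the MVC client.
In response to GET "{idSrv}/connect/endsession?id_token_hint={token}", I see the login in the content.
In my logs I have success messages: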
2019-11-08 09:15:10.765 +01:00 [DBG] Request path /connect/endsession matched to endpoint type Endsession
2019-11-08 09:15:10.767 +01:00 [DBG] Endpoint enabled: Endsession, successfully created handler: IdentityServer4.Endpoints.EndSessionEndpoint
2019-11-08 09:15:10.767 +01:00 [INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.EndSessionEndpoint for /connect/endsession
2019-11-08 09:15:10.768 +01:00 [DBG] Processing signout request for anonymous
2019-11-08 09:15:10.768 +01:00 [DBG] Start end session request validation
2019-11-08 09:15:10.768 +01:00 [DBG] Start identity token validation
2019-11-08 09:15:10.779 +01:00 [DBG] MVCCLIENT found in database: true
2019-11-08 09:15:10.780 +01:00 [DBG] client configuration validation for client MVCCLIENT succeeded.
2019-11-08 09:15:10.780 +01:00 [DBG] Client found: MVCCLIENT / MVC Client
2019-11-08 09:15:10.783 +01:00 [DBG] Calling into custom token validator: IdentityServer4.Validation.DefaultCustomTokenValidator
2019-11-08 09:15:10.783 +01:00 [DBG] Token validation success
{"ClientId":"MVCCLIENT","ClientName":"MVC Client","ValidateLifetime":false,"AccessTokenType":null,"ExpectedScope":null,"TokenHandle":null,"JwtId":null,"Claims":{"nbf":1573199947,"exp":1573200247,"iss":"http://auth.com","aud":"MVCCLIENT","nonce":"random_nonce","iat":1573199947,"at_hash":"lwJnXC7KVpyVhHXRDzoiTw","c_hash":"E0DbefNJbbn938JHXfoaMw","sid":"7e9a58037406947f827a1e48e217cdfb","sub":"82c92375-7206-4181-96c8-feaf994f897e","auth_time":1573199946,"idp":"local","preferred_username":"admin","name":"admin","userId":"82c92375-7206-4181-96c8-feaf994f897e","email":"RODO@w2w1w.ssfff","full_name":"Admin Adminowski","isAdmin":"True","isLocalUser":"True","amr":"pwd"},"$type":"TokenValidationLog"}
2019-11-08 09:15:10.784 +01:00 [INF] End session request validation success
{"ClientId":"MVCCLIENT","ClientName":"MVC Client","SubjectId":"unknown","PostLogOutUri":"http://localhost:4687","State":null,"Raw":{"id_token_hint":"eyJhbGciOiJSUzI1NiIsImtpZCI6IjIyMTI5OEFGRjhFMEE4RUFBMzUxMDY1NENEQzU0Q0MxMzc4MDFGRjYiLCJ0eXAiOiJKV1QiLCJ4NXQiOiJJaEtZcl9qZ3FPcWpVUVpVemNWTXdUZUFIX1kifQ.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.drWcKgLLgenxCuHQUu0kA9w9x31Y4jOC7eptLQfi6cwI40aenKHnkHm2L2CGDCciikHBr3ds6_9qZna00pz2gwGwnucbjCOzzvI-VKz9I9T7Ox-ccwHMsag4gDpOn6LpgFgshji9ZIZ_ErYKM8LYpe0tFepzHj2X1RSWkbbQElIZ2VKQIdeBbhOTM0MTWQ_wQTKQXtnegU2PPGLsrb5J9JeH2IgYPPX87k57-gzYgSqB4l08XcSLEdQFaaFydrZ14506ph30j4qahkO_I5yfaG6FE5zrtl8MPnZWhRZCQqrvFdFi6dxyOtlsW89dOap0ySpUO82ISFgE6f_HLTqMrp3mLHZRp3Vfr7PFRjvVVBkn-xwOfbSNF8g-vZrXpsCw5nHaHFnvxxfdZjUfUdXo2Fa2YrhYSL4Q6EP5MVQWMl_2RUPPYATObnklnC10p4keQtHfKvnb0GUMWFzcdmFeJImNBCCfHOysYz-CGkf-kBq07EhcGOJ9q3cotA-LtpK4Xoz73N5_MeZOdojMVmpMVSDYiRIyxKk5J4UsqCiBYvPzUQsRVN8Ew2H3EV8XnbFskp7HGKfKX6aDT5wb5sbga2Jyxr3UFIVNqtT9xVOTlL8j1lR7toc383FR_a_DMgL_zswl53KYEc1nVfBjjjdoCaVFn12nLKt4UXMK7LPFil4"},"$type":"EndSessionRequestValidationLog"}
2019-11-08 09:15:10.784 +01:00 [DBG] Success validating end session request from MVCCLIENT
2019-11-08 09:15:10.787 +01:00 [INF] AuthenticationScheme: Identity.Application was challenged.
2019-11-08 09:15:10.797 +01:00 [INF] AuthenticationScheme: Identity.External signed out.
Is it possible to log a user out of IdentityServer with an access token using only this endpoint? If not, how can I achieve this?
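
An added example (not part of the original question, and not IdentityServer4 code): a Python triage of the end-session log lines shown above. It extracts the user the request was processed as, the subject named in the validated token, and which authentication schemes were challenged versus signed out. The sample log is a constructed abridgement of the log in the question with a placeholder token; `triage_endsession` and its field names are hypothetical.

```python
import json
import re

# Constructed sample, abridged from the log lines in the question; the
# id_token_hint value is a placeholder, not a real token.
SAMPLE_LOG = """\
2019-11-08 09:15:10.768 +01:00 [DBG] Processing signout request for anonymous
2019-11-08 09:15:10.783 +01:00 [DBG] Token validation success
{"ClientId":"MVCCLIENT","Claims":{"sid":"7e9a58037406947f827a1e48e217cdfb","sub":"82c92375-7206-4181-96c8-feaf994f897e"},"$type":"TokenValidationLog"}
2019-11-08 09:15:10.784 +01:00 [INF] End session request validation success
{"ClientId":"MVCCLIENT","SubjectId":"unknown","Raw":{"id_token_hint":"<placeholder>"},"$type":"EndSessionRequestValidationLog"}
2019-11-08 09:15:10.787 +01:00 [INF] AuthenticationScheme: Identity.Application was challenged.
2019-11-08 09:15:10.797 +01:00 [INF] AuthenticationScheme: Identity.External signed out.
"""

LINE = re.compile(r"^\S+ \S+ \S+ \[(?P<lvl>\w+)\] (?P<msg>.*)$")
SIGNOUT_FOR = re.compile(r"^Processing signout request for (?P<who>.+)$")
SCHEME = re.compile(r"^AuthenticationScheme: (?P<name>\S+) (?:was )?(?P<what>challenged|signed out)\.$")

def triage_endsession(log_text):
    """Summarise who the end-session request ran as and what was signed out."""
    r = {"request_user": None, "token_sub": None, "token_sid": None,
         "request_subject": None, "challenged": [], "signed_out": []}
    for raw in log_text.splitlines():
        raw = raw.strip()
        if raw.startswith("{"):              # structured payload line
            try:
                obj = json.loads(raw)
            except ValueError:
                continue                      # truncated or redacted JSON
            if obj.get("$type") == "TokenValidationLog":
                claims = obj.get("Claims", {})
                r["token_sub"] = claims.get("sub")
                r["token_sid"] = claims.get("sid")
            elif obj.get("$type") == "EndSessionRequestValidationLog":
                r["request_subject"] = obj.get("SubjectId")
            continue
        m = LINE.match(raw)
        msg = m.group("msg") if m else ""
        if (s := SIGNOUT_FOR.match(msg)):
            r["request_user"] = s.group("who")
        elif (s := SCHEME.match(msg)):
            key = "challenged" if s.group("what") == "challenged" else "signed_out"
            r[key].append(s.group("name"))
    # Token validated for a user, but the request itself ran as "anonymous".
    r["token_only"] = bool(r["token_sub"]) and r["request_user"] == "anonymous"
    # Schemes that were challenged and do not appear among the signed-out ones.
    r["challenged_not_signed_out"] = [c for c in r["challenged"] if c not in r["signed_out"]]
    return r
```

On the sample, the summary shows a token that validates for the user's `sub` while the request itself is processed as `anonymous`, and `Identity.Application` challenged but not listed as signed out.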