Merge branch 'master' of https://github.com/ditdevtools/AuthorizationServerDemos

2026-01-22 21:46:58 +00:00 · 2021-01-19 12:03:54 +03:00 · 2021-01-19 12:03:54 +03:00 · 292ee3913b
commit 292ee3913b
parent 59388fcb34 e91379f1d8
5 changed files with 53 additions and 11 deletions
--- a/CSharp/AuthorizationServer/Config.cs
+++ b/CSharp/AuthorizationServer/Config.cs
@ -146,8 +146,7 @@ namespace OidcSamples.AuthorizationServer
                    {
                       "http://localhost:7000/signout-callback-oidc"
                    },
-                    FrontChannelLogoutUri = "http://localhost:7000/signout-callback-oidc",
-                    FrontChannelLogoutSessionRequired = true,
+                    FrontChannelLogoutUri = "http://localhost:7000/Authentication/FrontChannelLogout",
                    RequireConsent = false,
                }
            };
--- a/CSharp/AuthorizationServer/Quickstart/Account/AccountController.cs
+++ b/CSharp/AuthorizationServer/Quickstart/Account/AccountController.cs
@ -241,14 +241,16 @@ namespace IdentityServerHost.Quickstart.UI
                return SignOut(new AuthenticationProperties { RedirectUri = url }, vm.ExternalAuthenticationScheme);
            }

-            if (string.IsNullOrEmpty(vm.PostLogoutRedirectUri))
-            {
-                return View("LoggedOut", vm);
-            }
-            else
-            {
-                return Redirect(vm.PostLogoutRedirectUri);
-            }
+            return View("LoggedOut", vm);
+
+            //if (string.IsNullOrEmpty(vm.PostLogoutRedirectUri))
+            //{
+                
+            //}
+            //else
+            //{
+            //    return Redirect(vm.PostLogoutRedirectUri);
+            //}
        }

        [HttpGet]
--- a/CSharp/TaxApp/Controllers/AuthenticationController.cs
+++ b/CSharp/TaxApp/Controllers/AuthenticationController.cs
@ -2,6 +2,7 @@
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.AspNetCore.Mvc;
+using System;
 using System.Threading.Tasks;

 namespace OidcSamples.TaxApp.Controllers
@ -15,5 +16,22 @@ namespace OidcSamples.TaxApp.Controllers
            await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
            await HttpContext.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme);
        }
+
+        // https://andersonnjen.com/2019/03/22/identityserver4-global-logout/
+        // https://docs.identityserver.io/en/release/topics/signout.html#notifying-clients-that-the-user-has-signed-out
+        [HttpGet("FrontChannelLogout")]
+        public async Task<IActionResult> FrontChannelLogout(string sid)
+        {
+            if (User.Identity.IsAuthenticated)
+            {
+                var currentSid = User.FindFirst("sid")?.Value ?? "";
+                if (string.Equals(currentSid, sid, StringComparison.Ordinal))
+                {
+                    await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+                }
+            }
+
+            return NoContent();
+        }
    }
 }
--- a/React/real-estate/src/services/userService.js
+++ b/React/real-estate/src/services/userService.js
@ -8,9 +8,20 @@ const config = {
  response_type: "code",
  scope: "openid profile real-estate-api",
  post_logout_redirect_uri: "http://localhost:4000",
+  monitorSession: true,
+
+  // https://github.com/IdentityServer/IdentityServer4/blob/main/samples/Clients/src/JsOidc/wwwroot/app.js
+  // silent renew will get a new access_token via an iframe 
+  // just prior to the old access_token expiring (60 seconds prior)
+  // silent_redirect_uri: window.location.origin + "/silent.html",
+  // automaticSilentRenew: true,
+
+  // will revoke (reference) access tokens at logout time
+  revokeAccessTokenOnSignout: true,
 };

 const userManager = new UserManager(config);
+userManager.events.addUserSignedOut(signoutRedirect);

 export async function loadUserFromStorage(store) {
  try {
--- a/React/traffic-police/src/services/userService.js
+++ b/React/traffic-police/src/services/userService.js
@ -7,11 +7,23 @@ const config = {
  redirect_uri: "http://localhost:3000/signin-oidc",
  response_type: "code",
  scope: "openid profile traffic-police-api",
-  post_logout_redirect_uri: "http://localhost:3000"
+  monitorSession: true,
+  post_logout_redirect_uri: "http://localhost:3000",
+
+  // https://github.com/IdentityServer/IdentityServer4/blob/main/samples/Clients/src/JsOidc/wwwroot/app.js
+  // silent renew will get a new access_token via an iframe 
+  // just prior to the old access_token expiring (60 seconds prior)
+  // silent_redirect_uri: window.location.origin + "/silent.html",
+  // automaticSilentRenew: true,
+
+  // will revoke (reference) access tokens at logout time
+  revokeAccessTokenOnSignout: true,
 };

 const userManager = new UserManager(config);

+userManager.events.addUserSignedOut(signoutRedirect);
+
 export async function loadUserFromStorage(store) {
  try {
    let user = await userManager.getUser();