From e91379f1d8ac82daa96ffeeecf6ed746ea0f0954 Mon Sep 17 00:00:00 2001
From: Muhammad Azeez
Date: Tue, 19 Jan 2021 11:30:53 +0300
Subject: [PATCH] global signout works now
---
 CSharp/AuthorizationServer/Config.cs | 3 +--
 .../Quickstart/Account/AccountController.cs | 18 ++++++++++--------
 .../Controllers/AuthenticationController.cs | 18 ++++++++++++++++++
 React/real-estate/src/services/userService.js | 11 +++++++++++
 .../traffic-police/src/services/userService.js | 14 +++++++++++++-
 5 files changed, 53 insertions(+), 11 deletions(-)
diff --git a/CSharp/AuthorizationServer/Config.cs b/CSharp/AuthorizationServer/Config.cs
index 1293e0a..9d35a60 100644
--- a/CSharp/AuthorizationServer/Config.cs
+++ b/CSharp/AuthorizationServer/Config.cs
@@ -146,8 +146,7 @@ namespace OidcSamples.AuthorizationServer
 {
 "http://localhost:7000/signout-callback-oidc"
 },
- FrontChannelLogoutUri = "http://localhost:7000/signout-callback-oidc",
- FrontChannelLogoutSessionRequired = true,
+ FrontChannelLogoutUri = "http://localhost:7000/Authentication/FrontChannelLogout",
 RequireConsent = false,
 }
 };
diff --git a/CSharp/AuthorizationServer/Quickstart/Account/AccountController.cs b/CSharp/AuthorizationServer/Quickstart/Account/AccountController.cs
index 1226ac4..be82f3d 100644
--- a/CSharp/AuthorizationServer/Quickstart/Account/AccountController.cs
+++ b/CSharp/AuthorizationServer/Quickstart/Account/AccountController.cs
@@ -241,14 +241,16 @@ namespace IdentityServerHost.Quickstart.UI
 return SignOut(new AuthenticationProperties { RedirectUri = url }, vm.ExternalAuthenticationScheme);
 }
- if (string.IsNullOrEmpty(vm.PostLogoutRedirectUri))
- {
- return View("LoggedOut", vm);
- }
- else
- {
- return Redirect(vm.PostLogoutRedirectUri);
- }
+ return View("LoggedOut", vm);
+
+ //if (string.IsNullOrEmpty(vm.PostLogoutRedirectUri))
+ //{
+
+ //}
+ //else
+ //{
+ // return Redirect(vm.PostLogoutRedirectUri);
+ //}
 }
 [HttpGet]
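Review bot: Dropping `FrontChannelLogoutSessionRequired = true,` in the Config.cs hunk leaves this client on the library default, while the `FrontChannelLogout` action added to TaxApp in this same commit only signs the user out when the `sid` query value matches the session claim. As far as I know the IdentityServer4 default is already true, so behaviour should not change, but the dependency is no longer visible in the client definition. I would keep the line, or add `// TaxApp's FrontChannelLogout compares the sid query value, so the session id must be sent` above the URI. The client definition starts outside the hunk.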
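Review bot: The commented-out `if`/`else` block left after `return View("LoggedOut", vm);` in AccountController.cs should be deleted rather than committed, since version control already keeps the old redirect. What the next reader needs instead is the reason the redirect went away, which is presumably that the LoggedOut view hosts the sign-out iframe that notifies the other clients and a direct `Redirect(vm.PostLogoutRedirectUri)` never renders it; the view is not part of this diff, so confirm that before writing it down. A one-line comment such as `// Always render LoggedOut: the view loads the front-channel sign-out iframe; redirecting first would skip client notification.` would replace the dead block. The Logout action begins above the hunk.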
diff --git a/CSharp/TaxApp/Controllers/AuthenticationController.cs b/CSharp/TaxApp/Controllers/AuthenticationController.cs
index ab98443..269bc82 100644
--- a/CSharp/TaxApp/Controllers/AuthenticationController.cs
+++ b/CSharp/TaxApp/Controllers/AuthenticationController.cs
@@ -2,6 +2,7 @@
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.AspNetCore.Mvc;
+using System;
 using System.Threading.Tasks;
 namespace OidcSamples.TaxApp.Controllers
@@ -15,5 +16,22 @@ namespace OidcSamples.TaxApp.Controllers
 await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
 await HttpContext.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme);
 }
+
+ // https://andersonnjen.com/2019/03/22/identityserver4-global-logout/
+ // https://docs.identityserver.io/en/release/topics/signout.html#notifying-clients-that-the-user-has-signed-out
+ [HttpGet("FrontChannelLogout")]
+ public async Task FrontChannelLogout(string sid)
+ {
+ if (User.Identity.IsAuthenticated)
+ {
+ var currentSid = User.FindFirst("sid")?.Value ?? "";
+ if (string.Equals(currentSid, sid, StringComparison.Ordinal))
+ {
+ await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+ }
+ }
+
+ return NoContent();
+ }
 }
 }
diff --git a/React/real-estate/src/services/userService.js b/React/real-estate/src/services/userService.js
index 21db0ab..2120e9e 100644
--- a/React/real-estate/src/services/userService.js
+++ b/React/real-estate/src/services/userService.js
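Review bot: `FrontChannelLogout` checks only `sid` and returns a cacheable 204; the front-channel logout request also carries `iss`, and the OpenID Connect front-channel logout spec asks the client to answer with `Cache-Control: no-store` so that a cached response cannot swallow a later notification. Adding `[ResponseCache(NoStore = true, Location = ResponseCacheLocation.None)]` to the action covers the caching part, and comparing an `iss` parameter with the configured authority next to the `sid` comparison covers the other. The sign-out also only happens if the browser sends the auth cookie inside the identity server's iframe, which a SameSite=Lax or Strict cookie will not do once the two apps sit on different sites; the cookie options are not visible in this hunk, so that should be confirmed where the cookie handler is configured. A short comment on the action saying that a missing or mismatched `sid` is deliberately a no-op would also help the next reader.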
@@ -8,9 +8,20 @@ const config = {
 response_type: "code",
 scope: "openid profile real-estate-api",
 post_logout_redirect_uri: "http://localhost:4000",
+ monitorSession: true,
+
+ // https://github.com/IdentityServer/IdentityServer4/blob/main/samples/Clients/src/JsOidc/wwwroot/app.js
+ // silent renew will get a new access_token via an iframe
+ // just prior to the old access_token expiring (60 seconds prior)
+ // silent_redirect_uri: window.location.origin + "/silent.html",
+ // automaticSilentRenew: true,
+
+ // will revoke (reference) access tokens at logout time
+ revokeAccessTokenOnSignout: true,
 };
 const userManager = new UserManager(config);
+userManager.events.addUserSignedOut(signoutRedirect);
 export async function loadUserFromStorage(store) {
 try {
diff --git a/React/traffic-police/src/services/userService.js b/React/traffic-police/src/services/userService.js
index 4f5ef50..570c57d 100644
--- a/React/traffic-police/src/services/userService.js
+++ b/React/traffic-police/src/services/userService.js
@@ -7,11 +7,23 @@ const config = {
 redirect_uri: "http://localhost:3000/signin-oidc",
 response_type: "code",
 scope: "openid profile traffic-police-api",
- post_logout_redirect_uri: "http://localhost:3000"
+ monitorSession: true,
+ post_logout_redirect_uri: "http://localhost:3000",
+
+ // https://github.com/IdentityServer/IdentityServer4/blob/main/samples/Clients/src/JsOidc/wwwroot/app.js
+ // silent renew will get a new access_token via an iframe
+ // just prior to the old access_token expiring (60 seconds prior)
+ // silent_redirect_uri: window.location.origin + "/silent.html",
+ // automaticSilentRenew: true,
+
+ // will revoke (reference) access tokens at logout time
+ revokeAccessTokenOnSignout: true,
 };
 const userManager = new UserManager(config);
+userManager.events.addUserSignedOut(signoutRedirect);
+
 export async function loadUserFromStorage(store) {
 try {
 let user = await userManager.getUser();
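Review bot: Wiring `addUserSignedOut` straight to `signoutRedirect` sends the browser through another full end-session redirect when the session at the identity server is already gone; clearing local state is usually enough, e.g. `userManager.events.addUserSignedOut(() => userManager.removeUser());`, which is also what the linked JsOidc sample does as far as I recall. `signoutRedirect` is not defined in the visible lines, so if it is a `const` arrow function declared further down, this module-level call would throw at load, whereas a hoisted function declaration would be fine. Both points apply to the real-estate and the traffic-police userService.js hunks alike. The commented-out `silent_redirect_uri` and `automaticSilentRenew` lines would read better as one short comment saying why silent renew is left off than as disabled config.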