IdentityServer4 logout

后端 未结 2 874
遥遥无期
遥遥无期 2021-01-20 17:33

I am having an issue where I cannot seem to get my Identity Server logout to show the confirmation first. I downloaded the source code for IdentityServer4 from github and f

2条回答
  •  被撕碎了的回忆
    2021-01-20 17:56

    There is no client attribute to control this.

    When logging out the client application calls the IdentityServer4 End Session Endpoint.

    The signout prompt can be bypassed when a client sends the original id_token. This is passed in as the id_token_hint parameter.

    In addition, it indicates if the request for the sign-out has been authenticated, and therefore it's safe to no prompt the user for sign-out. per ref

    ShowSignoutPrompt Indicates if the user should be prompted for signout based upon the parameters passed to the end session endpoint. Source PDF

    NOTE: If you are using the JavaScript OIDC-Client-JS library, the 'signoutRedirect' method will internally check, see _signoutStart method line 354, for the id_token_hint argument or the users id_token. So if you are using this library to log a user off and want to force the logout screen you will have to clear the user.id_token.

    Sample section from _signoutStart()

    _signoutStart(args = {}, navigator, navigatorParams = {}) {
        ...
        var id_token = args.id_token_hint || user && user.id_token;
        if (id_token) {
            Log.debug("Setting id_token into signout request");
            args.id_token_hint = id_token;
        }
        ...
    }
    

    UPDATE:

    If you are using IdentityServer4 version 2.x you can use the new class ClientProperty to store key-value pairs. In here you could create a key of "LogoffPromptRequired" and a value of "true" to be used in the client or IdentityServer implementation to determine if the Logg off screen is required.

提交回复
热议问题