I am having an issue where I cannot seem to get my Identity Server logout to show the confirmation first. I downloaded the source code for IdentityServer4 from github and f
There is no client attribute to control this.
When logging out the client application calls the IdentityServer4 End Session Endpoint.
The signout prompt can be bypassed when a client sends the original id_token. This is passed in as the id_token_hint parameter.
In addition, it indicates if the request for the sign-out has been authenticated, and therefore it's safe to not prompt the user for sign-out. per ref
ShowSignoutPrompt Indicates if the user should be prompted for signout based upon the parameters passed to the end session endpoint. Source PDF
NOTE: If you are using the JavaScript OIDC-Client-JS library, the 'signoutRedirect' method will internally check (see the _signoutStart method, line 354) for the id_token_hint argument or the user's id_token. So if you are using this library to log a user off and want to force the logout screen, you will have to clear the user.id_token.
Sample section from _signoutStart()
    _signoutStart(args = {}, navigator, navigatorParams = {}) {
        ...
        var id_token = args.id_token_hint || user && user.id_token;
        if (id_token) {
            Log.debug("Setting id_token into signout request");
            args.id_token_hint = id_token;
        }
        ...
    }
UPDATE:
If you are using IdentityServer4 version 2.x you can use the new class ClientProperty to store key-value pairs. In here you could create a key of "LogoffPromptRequired" and a value of "true" to be used in the client or IdentityServer implementation to determine if the log off screen is required.
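The client-side approach described in the answer, as an added example that is not part of the original answer or of oidc-client-js: a wrapper that keeps both sources of `id_token_hint` out of the sign-out request when the "LogoffPromptRequired" property is "true". The names `signoutRedirectWithPolicy`, `makeFakeUserManager` and `clientProperties` are assumptions, and the fake stands in for a real `UserManager`, repeating only the hint selection quoted from `_signoutStart`.

```javascript
// Added example; not code from oidc-client-js or IdentityServer4.
const PROMPT_KEY = "LogoffPromptRequired"; // key name suggested in the answer

// Hypothetical wrapper. `userManager` needs getUser(), storeUser() and
// signoutRedirect(), the methods an oidc-client-js UserManager exposes.
async function signoutRedirectWithPolicy(userManager, clientProperties = {}, args = {}) {
  const promptRequired =
    String(clientProperties[PROMPT_KEY]).toLowerCase() === "true";
  if (!promptRequired) {
    // Library default: id_token_hint is filled in from the stored user.
    return userManager.signoutRedirect(args);
  }
  // Force the confirmation screen: keep both sources of the hint away
  // from _signoutStart (args.id_token_hint and user.id_token).
  const { id_token_hint, ...rest } = args;
  const user = await userManager.getUser();
  if (user && user.id_token) {
    user.id_token = undefined;
    await userManager.storeUser(user);
  }
  return userManager.signoutRedirect(rest);
}

// Constructed stand-in for UserManager so the example runs offline. Its
// signoutRedirect repeats the hint selection quoted from _signoutStart and
// returns the parameters that would be sent to the end session endpoint.
function makeFakeUserManager(storedUser) {
  let user = storedUser;
  return {
    getUser: async () => user,
    storeUser: async (u) => { user = u; },
    signoutRedirect: async (args = {}) => {
      const sent = { ...args };
      const id_token = sent.id_token_hint || (user && user.id_token);
      if (id_token) sent.id_token_hint = id_token;
      return sent;
    },
  };
}

async function demo() {
  const token = "constructed.id.token"; // constructed sample value
  const bypass = await signoutRedirectWithPolicy(
    makeFakeUserManager({ id_token: token }), {});
  const forced = await signoutRedirectWithPolicy(
    makeFakeUserManager({ id_token: token }),
    { [PROMPT_KEY]: "true" }, { id_token_hint: token, state: "s1" });
  return { bypass, forced };
}
```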