带IdentityServer3的Oidc客户端-Angular2，如何正确注销和登录 [英] Oidc-client with IdentityServer3 - Angular2, how to logout and login properly

问题描述

这里有一些背景，我使用的是隐式流程，我的令牌是JWT.要注销，我正在使用方法调用signoutRedirectCallback.

Here's some background, I'm using implicit flow and my token is JWT. To logout, I'm using the method call signoutRedirectCallback.

我希望能够正确注销.这样我就可以以其他用户身份登录.这样做时，我还有最后一个用户的令牌吗?有没有一种方法可以完全注销用户，使其没有最后一个用户的令牌?由于某些原因，令牌仍然存在.看来，真正注销的唯一方法是关闭浏览器页面并且删除/删除Identityserver3上的cookie?

I want to be able to properly logout. So that I can login as a different user. When doing so, I still have the token from the last user? Is there a way to completely log the user out so that it doesn't have the last user's token? The token still persists for some reason. It seems that the only way to truly logout is when the browser page is closed and the cookie on the identityserver3 gets removed/deleted?

这也可能回答我的其他问题.如果用户单击主网格页面上的超链接并打开一个新选项卡(例如详细信息页面)，则如果用户在新选项卡(详细信息页面)上注销，则仍会记录主网格页面(旧选项卡)在?同样，我还没有完全注销，这是同样的问题.

This may also answer my other issue. If the user clicks on a hyperlink on the main grid page and it opens a new tab (ex. details page), if the user logs out on the new tab (details page), the main grid page (old tab) is still logged in? Again, it's the same issue where I'm not completely logged out.

任何人都可以给我一些有关如何正确注销以删除Identityserver3上的cookie的指导吗?这样就可以了.令牌仍然存在.谢谢.

Can anyone give me some guidance on how to properly logout to remove the cookie on the identityserver3? So that it's a clean slate. The token still persists. Thank you.

//Here is the code. In my main component I have a menuclick event and this works: 
public MenuClick(event, item)
{
    if (item === "signOut") 
    {
        this.signOut();
    }
}

public signOut() 
{
    this._LoginService.logOut();
}

//Here is the LoginService that calls the oidc-client method:
public logOutCall(): Observable<boolean> 
{
    return Observable.fromPromise(new Promise<boolean> (
        resolve => 
        {
            this._oidcService.logOut();
            resolve(true);
        }
    ));
}

this._oidcService.logOut()调用实际的oidc客户端方法signoutRedirectCallback().这可以工作，并且可以重定向.但是除非我关闭页面，否则令牌仍然会保留.

The this._oidcService.logOut() calls the actual oidc-client method signoutRedirectCallback(). This works and it redirects. But the token still persists unless I close the page.

更新:我的测试团队告诉我，这个问题专门与Chrome有关.

推荐答案

要清除UserManager管理的状态，请调用removeUser.当您触发登出时，应该为您调用此名称，因此我很好奇为什么未登出.查看日志?

To clear the state managed by the UserManager, call removeUser. This should be called for you when you trigger signout, so I'm curious why it's not. Check the logs?

这篇关于带IdentityServer3的Oidc客户端-Angular2，如何正确注销和登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！