How to redirect user to client app after logging out from identity server?

Question

I want to redirect the user to the same client after he has logged out from that client. So if I have, let's say, 5 clients on one identity server, I want users to be able to log out from one client and be on that same client but logged out.

The one thing I have tried is to use PostLogoutRedirectUri in AccountController in the quickstart, but the value is always null. The workaround that I found is to manually set PostLogoutRedirectUri; that works fine if you have only one client on the server, but not so much if I have multiple. Is there any way to know which client has been "logged out"?

    public async Task<IActionResult> Logout(LogoutInputModel model)
    {
        // build a model so the logged out page knows what to display
        var vm = await BuildLoggedOutViewModelAsync(model.LogoutId);

        if (User?.Identity.IsAuthenticated == true)
        {
            // delete local authentication cookie
            await HttpContext.SignOutAsync();

            // raise the logout event
            await _events.RaiseAsync(new UserLogoutSuccessEvent(User.GetSubjectId(), User.GetDisplayName()));
        }

        // check if we need to trigger sign-out at an upstream identity provider
        if (vm.TriggerExternalSignout)
        {
            // build a return URL so the upstream provider will redirect back
            // to us after the user has logged out. this allows us to then
            // complete our single sign-out processing.
            string url = Url.Action("Logout", new { logoutId = vm.LogoutId });

            // this triggers a redirect to the external provider for sign-out
            return SignOut(new AuthenticationProperties { RedirectUri = url }, vm.ExternalAuthenticationScheme);
        }

        // workaround: hard-coded post-logout URI (only correct when the server has a single client)
        vm.PostLogoutRedirectUri = "http://localhost:56582";
        return Redirect(vm.PostLogoutRedirectUri);
    }

My client

    new Client
    {
        ClientId = "openIdConnectClient",
        ClientName = "Implicit Client Application Name",
        AllowedGrantTypes = GrantTypes.Implicit,
        AllowedScopes = new List<string>
        {
            IdentityServerConstants.StandardScopes.OpenId,
            IdentityServerConstants.StandardScopes.Profile,
            IdentityServerConstants.StandardScopes.Email,
            "role",
            "customAPI.write"
        },

        RedirectUris = new List<string> { "http://localhost:56582/signin-oidc" },
        PostLogoutRedirectUris = new List<string> { "http://localhost:56582" },
        // FrontChannelLogoutUri = "http://localhost:56582/signout-oidc"
    }

Recommended answer

You are not supposed to set the URI manually. Actually, the default logout method from the IdentityServer samples works fine.

When you try the 3_ImplicitFlowAuthentication sample project, you'll see PostLogoutRedirectUri is not null and the redirection works (but not automatically).

The reason why PostLogoutRedirectUri is null in your case is probably because the id_token is not preserved. In MvcClient.Startup make sure you add this line:

options.SaveTokens = true;

That will preserve the tokens in a cookie.

In order to automatically redirect back to the client, make a few adjustments to the sample code. In IdentityServer AccountOptions set

AutomaticRedirectAfterSignOut = true;

Just before the last line:

return View("LoggedOut", vm);

When you run the sample again you should see that the user is now automatically returned to the client after logout.
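
One way to make the redirect automatic without hard-coding a URI, as an added example (not code from the original answer or from the IdentityServer project): a Logout action that redirects only to the PostLogoutRedirectUri that IdentityServer resolved for the client which started the sign-out. It assumes the IdentityServer4 quickstart AccountController and its helpers (BuildLoggedOutViewModelAsync, _events, AccountOptions, LoggedOutViewModel).

```csharp
// Added example; belongs in the IdentityServer4 quickstart AccountController.
// Needs: IdentityServer4.Events, IdentityServer4.Extensions,
// Microsoft.AspNetCore.Authentication, Microsoft.AspNetCore.Mvc.
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Logout(LogoutInputModel model)
{
    // vm.PostLogoutRedirectUri comes from the logout context. It is set only
    // when the client sent an id_token_hint (hence options.SaveTokens = true on
    // the client) and a post_logout_redirect_uri that is registered in that
    // client's PostLogoutRedirectUris. Otherwise it stays null.
    var vm = await BuildLoggedOutViewModelAsync(model.LogoutId);

    if (User?.Identity.IsAuthenticated == true)
    {
        // delete local authentication cookie and raise the logout event
        await HttpContext.SignOutAsync();
        await _events.RaiseAsync(new UserLogoutSuccessEvent(User.GetSubjectId(), User.GetDisplayName()));
    }

    if (vm.TriggerExternalSignout)
    {
        // sign out at the upstream provider first, then come back here
        string url = Url.Action("Logout", new { logoutId = vm.LogoutId });
        return SignOut(new AuthenticationProperties { RedirectUri = url }, vm.ExternalAuthenticationScheme);
    }

    // Redirect only to the validated, per-client URI. Never assign a fixed URL
    // or read one from the query string here: that would either break with
    // several clients or turn the logout endpoint into an open redirect.
    if (vm.AutomaticRedirectAfterSignOut && !string.IsNullOrWhiteSpace(vm.PostLogoutRedirectUri))
    {
        return Redirect(vm.PostLogoutRedirectUri);
    }

    // No validated URI (for example, no id_token_hint was sent): show the
    // LoggedOut page instead of guessing where to send the user.
    return View("LoggedOut", vm);
}
```

A direct redirect skips the LoggedOut view, which is where the quickstart renders the sign-out iframe that notifies other clients via front-channel logout, so keep the view if you rely on that.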
