IdentityServer4 PostLogoutRedirectUri

Problem description

I am confused about how this is used.

Most examples I've seen have it given as "/signout-callback-oidc". That seems to indicate that it uses OIDC middleware in the process. What if I want to return to a specific client page?

The automatic redirect isn't working when I set IdentityServer's AccountOptions.cs property of AutomaticRedirectAfterSignOut to true. Further, during logout, I do not receive the client's PostLogoutRedirectUri.

So, is that link supposed to go to the OIDC middleware, or is it available for use to redirect to the client?

Solution

Your client has to be configured to request the callback to one of those URIs as part of the client-initiated sign-out flow.

IS4 clients can be configured with lists of allowable redirect URIs for both sign-in and sign-out, which I'm guessing is where you see /signout-callback-oidc -- if I remember right, either the docs or maybe the Quickstart code uses that, but there's nothing special about that particular URI name. (It isn't some OIDC standard, or a "well-known" name, or anything of that nature, as far as I know.)

The missing piece of the puzzle is to configure OIDC in the client application. You didn't mention what kind of application is on the client side, but in ASP.NET Core it's an option named SignedOutCallbackPath on the AddOpenIdConnect service:

services.AddOpenIdConnect("oidc", options =>
{
    options.SignInScheme = "Cookies";
    options.Authority = appConfig["OidcAuthority"];
    options.ClientId = appConfig["OidcClientId"];
    options.ClientSecret = appConfig["OidcClientSecret"];
    // etc

    options.SignedOutCallbackPath = "/jake-says-goodbye";
});

This causes the OIDC implementation to add a property to the sign-out request identifying that redirect URI. As long as your application properly identifies itself, as briefly mentioned in the docs here, and as long as /jake-says-goodbye is one of the approved post-logout redirect URIs on the IS4 side, you should get the callback you're expecting.

(I specifically mention "proper" identification because, based on GitHub questions I've seen, it sounds like it might be more difficult to manage for a JS-based SPA client app versus whatever helpful things MVC does behind the scenes to manage server-to-server OIDC interaction. I can't speak to that as I've not had a need to implement any SPA clients with IS4 yet.)
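Both halves of the sign-out round trip described in the answer above, as an added example that is not part of the original post or of the IdentityServer4 samples. The host names, client id, secret and the /Home/LoggedOut page are assumed placeholders; the two sections belong to two separate projects (the IS4 host and the MVC client).

```csharp
using System.Collections.Generic;
using IdentityServer4.Models;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

// --- IdentityServer4 host: the allow-list a sign-out request is checked against ---
public static class Clients
{
    public static IEnumerable<Client> Get() => new[]
    {
        new Client
        {
            ClientId = "mvc",                                   // assumed client id
            AllowedGrantTypes = GrantTypes.Code,
            ClientSecrets = { new Secret("secret".Sha256()) },  // placeholder secret
            RedirectUris = { "https://client.example/signin-oidc" },
            // Must equal the client's origin + SignedOutCallbackPath; anything else is not redirected to.
            PostLogoutRedirectUris = { "https://client.example/jake-says-goodbye" },
            AllowedScopes = { "openid", "profile" }
        }
    };
}

// --- Client application (ASP.NET Core MVC) ---
public static class ClientAuth
{
    public static void Configure(IServiceCollection services) =>
        services.AddAuthentication(o =>
            {
                o.DefaultScheme = "Cookies";
                o.DefaultChallengeScheme = "oidc";
            })
            .AddCookie("Cookies")
            .AddOpenIdConnect("oidc", options =>
            {
                options.SignInScheme = "Cookies";
                options.Authority = "https://sts.example";      // assumed IS4 address
                options.ClientId = "mvc";
                options.ClientSecret = "secret";
                options.ResponseType = "code";
                options.SaveTokens = true;  // keeps the id_token so it can be sent as id_token_hint
                options.SignedOutCallbackPath = "/jake-says-goodbye"; // handled by the OIDC middleware
                options.SignedOutRedirectUri = "/Home/LoggedOut";     // client page shown afterwards
            });
}
public class AccountController : Controller
{
    // Clears the local cookie, then redirects to the IS4 end-session endpoint.
    public IActionResult Logout() => SignOut("Cookies", "oidc");
}
```

The callback path is consumed by the middleware itself, so the page the user finally lands on is chosen with SignedOutRedirectUri rather than by registering that page as the post-logout redirect URI.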
