身份服务器按预期工作。我可以登录用户和注销用户。然而PostLogoutRedirectUri
属性(property)在 LogoutRequest
对象总是以空值返回。
我的 SPA 客户端配置:
{
ClientId = "pokemon",
ClientName = "Angular Pokemon Client",
AllowedGrantTypes = GrantTypes.Code,
RequireClientSecret = false,
RedirectUris = { "http://localhost:4200/login" },
PostLogoutRedirectUris = { "http://localhost:4200" },
AllowedCorsOrigins = { "http://localhost:4200" },
AllowOfflineAccess = true,
AllowAccessTokensViaBrowser = true,
AllowRememberConsent = false,
RequireConsent = true,
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
"scope1"
}
}
AccountOptions
的设置对象是:public static bool AllowLocalLogin = true;
public static bool AllowRememberLogin = true;
/.../
public static bool ShowLogoutPrompt = false;
public static bool AutomaticRedirectAfterSignOut = true;
然后在客户端上我使用 oidc-client 库。我配置了以下设置:const settings = {
authority: "https://localhost:5001",
client_id: "pokemon",
redirect_uri: "http://localhost:4200/login",
response_type: "code",
scope:"openid profile scope1",
userStore: new WebStorageStateStore({ store: window.localStorage })
}
我试过 post_logout_redirect_uri
值和没有。结果一样。我提出注销请求的方式是
this.mgr.signoutRedirect()
.我也尝试添加 this.mgr.signoutRedirect({ id_token_hint: user.id_token })
但得到了相同的结果。从我的客户端到 IdP 的第一个请求具有以下 URL
https://localhost:5001/connect/endsession?id_token_hint=eyJhbGciOiJSUzI1NiIsImtpZCI6IjhEQTE2MDdBRTE2NzJGODQ3RkU2NkE2MUI2NEFGM0IxIiwidHlwIjoiSldUIn0.eyJuYmYiOjE2MDE1ODMxODQsImV4cCI6MTYwMTU4MzQ4NCwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NTAwMSIsImF1ZCI6InBva2Vtb24iLCJpYXQiOjE2MDE1ODMxODQsImF0X2hhc2giOiJRajc0Z1Z6VGc5WUd3OGVhaTlKWDhRIiwic19oYXNoIjoiM1k2NGtROVFsY2d3Q0VUSGpMT1RDQSIsInNpZCI6IkRFQkFERTA1Njg5RTk1RDY0NUQwNUJGOTkyREJCRTBDIiwic3ViIjoiYWxpY2UiLCJhdXRoX3RpbWUiOjE2MDE1ODMxNjIsImlkcCI6ImxvY2FsIiwiYW1yIjpbInB3ZCJdfQ.xpQo3SFT_Pc4LDtXPHWEETkweLmevUQvPj_84EC98s8qy272mb1dIc3rsIxpHvmBy6f4kI3z4CRs0w6fZmLGyWtZCYCcM6RJhKyGIz_epr-s_ZfZ7XE9Fwvy2FWFZ_HL0SgqLyUCwxKyel0GnzgEmHqcgIbKrK-3KAsVVuNKbXfEwCE-HsVv0OPssAmWvqRdN61ZtbIst4LP6TISkTvlP8HNZozlpbVawGjRPeubyImoYCZgPDVBYI3Ml_xtmSRITdIcTT9S8JmGL4sBIzNXW2ChOTuMvcEkix2lmPH1e9orFA2QOdGgeHylv6sza5ukHR6HTIF9ypoMon-ycNBPJw
然后第二个请求被触发https://localhost:5001/Account/Logout?logoutId=CfDJ8CU-F4FvYn9IkMAT1M74c9qWz8pFpIUH_9uKhIkfUFRQKmkVvPVyRNSRpMnTTQ2ZjIqEqFONFzQ6334fLzoKrrUoxjfnIEXYONgXLCnB3IL0OGjaQcP2WIeX-u7UAx_7LIs-DRvGiDEsgnrfhveZknsDPPcJvediQ3viec63gA9EGo5g467Hcd_JClsdikFAd3j2daTxAdVvhmzmjW60ghfibOnsERghDz3FuuX0vDMjBo5JsRyFQeM78BNnvHkoMOIunz2m4RpJLHHzApRxz0Dofl3Oa9JsVxISGevK02Be1W0oTp1eUh_Yb2a6rMYmkhR2vUg4_MazHi61NI5Lvg1X2gn8x3HR2SiKO6-BEiNK07Mt1poyky4A31DcIQiJKQ
在身份服务器提供程序上,查看日志,没有错误或警告。然后执行此代码:// get context information (client name, post logout redirect URI and iframe for federated signout)
var logout = await _interaction.GetLogoutContextAsync(logoutId);
var vm = new LoggedOutViewModel
{
AutomaticRedirectAfterSignOut = AccountOptions.AutomaticRedirectAfterSignOut,
PostLogoutRedirectUri = logout?.PostLogoutRedirectUri,
ClientName = string.IsNullOrEmpty(logout?.ClientName) ? logout?.ClientId : logout?.ClientName,
SignOutIframeUrl = logout?.SignOutIFrameUrl,
LogoutId = logoutId
};
和 logout?.PostLogoutRedirectUri
总是返回空值。 logoutId
有一个值(value)。检查 GetLogoutContextAsync 的源代码似乎只是采用 logoutId
并在 Message
中反序列化它目的。当我手动更改
PostLogoutRedirectUri
至 http://localhost:4200
有用。任何想法为什么它一直返回null?
最佳答案
在客户端的注销功能中,使用以下内容:-
this._userManager.signoutRedirect({'id_token_hint' : this._user.id_token});
其中 _user 是返回的“用户”对象。请引用IdentityServer4 logout因为该决议已经存在。Also, go to the identity server log and check if you get a similar log and observe the call to the session endpoint (the ClientId and the "PostLogOutUri" is null apart from other parameters)
关于identityserver4 - 为什么 Identity Server GetLogoutContextAsync() 方法总是为 PostLogoutRedirectUri 返回 null?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/64162636/