identityserver4 - 为什么 Identity Server GetLogoutContextAsync() 方法总是为 PostLogoutRedirectUri 返回 null？

Question

身份服务器按预期工作。我可以登录用户和注销用户。然而PostLogoutRedirectUri属性(property)在 LogoutRequest对象总是以空值返回。
我的 SPA 客户端配置:

    {
        ClientId = "pokemon",
        ClientName = "Angular Pokemon Client",
    
        AllowedGrantTypes = GrantTypes.Code,
        RequireClientSecret = false,
        RedirectUris =           { "http://localhost:4200/login" },
        PostLogoutRedirectUris = { "http://localhost:4200" },
        AllowedCorsOrigins =     { "http://localhost:4200" },
        AllowOfflineAccess = true,
        AllowAccessTokensViaBrowser = true,
        AllowRememberConsent = false,
        RequireConsent = true,
    
         AllowedScopes = 
         {
             IdentityServerConstants.StandardScopes.OpenId,
             IdentityServerConstants.StandardScopes.Profile,
             "scope1"
         }
}

AccountOptions 的设置对象是:

public static bool AllowLocalLogin = true;
public static bool AllowRememberLogin = true;
/.../
public static bool ShowLogoutPrompt = false;
public static bool AutomaticRedirectAfterSignOut = true;

然后在客户端上我使用 oidc-client 库。我配置了以下设置:

const settings = {
      authority: "https://localhost:5001",
      client_id: "pokemon",
      redirect_uri: "http://localhost:4200/login",
      response_type: "code",
      scope:"openid profile scope1",
      userStore: new WebStorageStateStore({ store: window.localStorage })
    }

我试过 post_logout_redirect_uri值和没有。结果一样。
我提出注销请求的方式是 this.mgr.signoutRedirect() .我也尝试添加 this.mgr.signoutRedirect({ id_token_hint: user.id_token })但得到了相同的结果。
从我的客户端到 IdP 的第一个请求具有以下 URL

https://localhost:5001/connect/endsession?id_token_hint=eyJhbGciOiJSUzI1NiIsImtpZCI6IjhEQTE2MDdBRTE2NzJGODQ3RkU2NkE2MUI2NEFGM0IxIiwidHlwIjoiSldUIn0.eyJuYmYiOjE2MDE1ODMxODQsImV4cCI6MTYwMTU4MzQ4NCwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NTAwMSIsImF1ZCI6InBva2Vtb24iLCJpYXQiOjE2MDE1ODMxODQsImF0X2hhc2giOiJRajc0Z1Z6VGc5WUd3OGVhaTlKWDhRIiwic19oYXNoIjoiM1k2NGtROVFsY2d3Q0VUSGpMT1RDQSIsInNpZCI6IkRFQkFERTA1Njg5RTk1RDY0NUQwNUJGOTkyREJCRTBDIiwic3ViIjoiYWxpY2UiLCJhdXRoX3RpbWUiOjE2MDE1ODMxNjIsImlkcCI6ImxvY2FsIiwiYW1yIjpbInB3ZCJdfQ.xpQo3SFT_Pc4LDtXPHWEETkweLmevUQvPj_84EC98s8qy272mb1dIc3rsIxpHvmBy6f4kI3z4CRs0w6fZmLGyWtZCYCcM6RJhKyGIz_epr-s_ZfZ7XE9Fwvy2FWFZ_HL0SgqLyUCwxKyel0GnzgEmHqcgIbKrK-3KAsVVuNKbXfEwCE-HsVv0OPssAmWvqRdN61ZtbIst4LP6TISkTvlP8HNZozlpbVawGjRPeubyImoYCZgPDVBYI3Ml_xtmSRITdIcTT9S8JmGL4sBIzNXW2ChOTuMvcEkix2lmPH1e9orFA2QOdGgeHylv6sza5ukHR6HTIF9ypoMon-ycNBPJw

然后第二个请求被触发

https://localhost:5001/Account/Logout?logoutId=CfDJ8CU-F4FvYn9IkMAT1M74c9qWz8pFpIUH_9uKhIkfUFRQKmkVvPVyRNSRpMnTTQ2ZjIqEqFONFzQ6334fLzoKrrUoxjfnIEXYONgXLCnB3IL0OGjaQcP2WIeX-u7UAx_7LIs-DRvGiDEsgnrfhveZknsDPPcJvediQ3viec63gA9EGo5g467Hcd_JClsdikFAd3j2daTxAdVvhmzmjW60ghfibOnsERghDz3FuuX0vDMjBo5JsRyFQeM78BNnvHkoMOIunz2m4RpJLHHzApRxz0Dofl3Oa9JsVxISGevK02Be1W0oTp1eUh_Yb2a6rMYmkhR2vUg4_MazHi61NI5Lvg1X2gn8x3HR2SiKO6-BEiNK07Mt1poyky4A31DcIQiJKQ

在身份服务器提供程序上，查看日志，没有错误或警告。然后执行此代码:

// get context information (client name, post logout redirect URI and iframe for federated signout)
var logout = await _interaction.GetLogoutContextAsync(logoutId);

var vm = new LoggedOutViewModel
{
    AutomaticRedirectAfterSignOut = AccountOptions.AutomaticRedirectAfterSignOut,
    PostLogoutRedirectUri = logout?.PostLogoutRedirectUri,
    ClientName = string.IsNullOrEmpty(logout?.ClientName) ? logout?.ClientId : logout?.ClientName,
    SignOutIframeUrl = logout?.SignOutIFrameUrl,
    LogoutId = logoutId
};
 

和 logout?.PostLogoutRedirectUri总是返回空值。 logoutId有一个值(value)。检查 GetLogoutContextAsync 的源代码似乎只是采用 logoutId并在 Message 中反序列化它目的。
当我手动更改 PostLogoutRedirectUri至 http://localhost:4200有用。任何想法为什么它一直返回null？

Answer 1

在客户端的注销功能中，使用以下内容:-

this._userManager.signoutRedirect({'id_token_hint' : this._user.id_token});

其中 _user 是返回的“用户”对象。请引用IdentityServer4 logout因为该决议已经存在。
Also, go to the identity server log and check if you get a similar log and observe the call to the session endpoint (the ClientId and the "PostLogOutUri" is null apart from other parameters)