ABP Framework version: commercial v 5.1.3 UI type: Angular DB provider: EF Core Tiered (MVC) or Identity Server Separated (Angular): yes
I added external Idsrv4 to the abp Idsrv I want to logout form external Idsrv4 after logout from my app.
context.Services.AddAuthentication()
.AddJwtBearer(options =>
{
options.Authority = configuration["AuthServer:Authority"];
options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]);
options.Audience = configuration["AuthServer:ApiName"];
}).AddOpenIdConnect("oidc", options =>
{
options.Authority = "https://localhost:44382/";
options.ClientId = "main_core_idsrv";
options.ClientSecret = "main_core_idsrv_secret_mvc";
options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "sub");
options.ResponseType = OpenIdConnectResponseType.Code;
options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true;
options.Scope.Clear();
options.Scope.Add("openid");
options.Scope.Add("profile");
options.Scope.Add("email");
options.Events = new OpenIdConnectEvents
{
OnTokenValidated = context =>
{
var userID = context.Principal.FindFirstValue("sub");
return Task.CompletedTask;
}};
});
10 Answer(s)
-
0
Hi,
You can call
await HttpContext.SignOutAsync("oidc"); -
0
You need to configure front-channel (or back-channel) logout for the external identityserver if you want to sign out from the it as well whenever you logout from abp identityserver.
Abp IdentityServes has this feature implemented. However, you need to manually add it to the external identityserver.
You can check:
- https://docs.identityserver.io/en/latest/topics/signout.html#notifying-clients-that-the-user-has-signed-out
- https://stackoverflow.com/questions/47621453/how-to-enable-front-channel-or-back-channel-logout-in-identityserver4
-
0
which page can I write this code?
-
0
Logout page of external IdentityServer which will announce clients to sign out.
-
0
please write full code for solution. in normal application without abp can ease implementation,
in normal application SignOut("cookies","oidc"); is enough, but in abp with angular how can get id_token to call end session in external Idsv.
-
0
This is not related to ABP. As I mentioned above, to sign out from external identityserver; you need to implement front-channel or back-channel logout mechanism to the external identityserver.
-
0
implement front-channel or back-channel logout mechanism to the external identityserver already exists but how call SignOut("cookies","oidc"); in abp identityserver.
-
0
implement front-channel or back-channel logout mechanism to the external identityserver already exists but how call SignOut("cookies","oidc"); in abp identityserver.
It is a mechanism. You don't call signout manually. You return a
LoggedOutViewthat includes iframe that calls the callback of the other clients. Then you need to specify which client is enabled the front channel and on which endpoint.See the links I have shared above.
-
0
how make these "You return a LoggedOutView that includes iframe that calls the callback of the other clients."?
-
0
With something like:
[HttpPost] [ValidateAntiForgeryToken] public async Task<IActionResult> Logout(LogoutInputModel model) { // build a model so the logged out page knows what to display var vm = await BuildLoggedOutViewModelAsync(model.LogoutId); ... return View("LoggedOut", vm); }LoggedOut.cshtml:
@model LoggedOutViewModel <div class="page-header logged-out"> <small>You are now logged out</small> ... @if (Model.SignOutIframeUrl != null) { <iframe width="0" height="0" class="signout" src="@Model.SignOutIframeUrl"></iframe> } </div>Taken from https://stackoverflow.com/a/55312218/2594735
Also, this is not related to ABP. You can get better and faster results from asking to stackoverflow or the identityserver github issue tracker.
