sign out does not properly work #2

Closed
guyng opened this issue Jun 24, 2019 · 8 comments

guyng commented Jun 24, 2019

Hi,
After I have logged in, once I click on sign out it redirects me to the home page, but
then when I press log in it instantly authenticates me.

I believe it is because the log out functionality isn't implemented on the server side (auth server).
Can you take a look?


mcabram commented Aug 19, 2019

It works for me. One possible reason is that you might have clicked 'Remember me' when you first logged in. Another possible reason is that the authentication token is still in the local storage. Try to clean the browser history and it might jump out of the trap.


nkaenzig commented Sep 2, 2019

Doesn't work for me either. The signout() function doesn't delete the cookie. (I did not select 'Remember me' during the login)


mcabram commented Sep 5, 2019

> Doesn't work for me either. The signup() function doesn't delete the cookie. (I did not select 'Remember me' during the login)

Do you mean 'Sign out' instead of 'Sign up'? If so, yes, there's a problem in deleting the token cookie. It's probably some unknown bug in IdentityServer4, since there's only one redirect method called in Signout. I'm also trying to fix this problem.


nkaenzig commented Sep 5, 2019

> > Doesn't work for me either. The signup() function doesn't delete the cookie. (I did not select 'Remember me' during the login)
>
> Do you mean 'Sign out' instead of 'Sign up'? If so, yes, there's a problem in deleting the token cookie. It's probably some unknown bug in IdentityServer4, since there's only one redirect method called in Signout. I'm also trying to fix this problem.

Yes, I meant "Sign Out", thank you. It also seems to me that it's a bug in Identity Server. The signoutRedirect() in your code properly calls the End Session endpoint, with the id_token_hint and post_logout_redirect_uri parameters set (I checked that in Fiddler).

Did this also occur in earlier versions of Identity Server or do you know a version where it works?
Or maybe do you know of another way to solve this? (There has to be, as many pages use IdentityServer in production, and it's recommended by Microsoft...)

Btw: I opened the following issue on the IdentityServer hub:
IdentityServer/IdentityServer4#3593


nkaenzig commented Sep 8, 2019

Got it finally working.
On the client side, the only thing you have to do is to call the signoutRedirect() function (of oidc-client-js), which is already done in this template. This will call the End Session Endpoint (connect/endsession) of IdentityServer, which by default will redirect you to the Account/Logout route, but only if such a route exists (which is not the case in this template).
So you have to create a Logout() method in the AccountController.cs class, where you call the SignOutAsync() method, which will revoke the cookie, and then you can redirect back to the client.

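```csharp
// Added to AccountController.cs on the auth server.
[HttpGet]
public async Task<IActionResult> Logout(string logoutId)
{
    // Clears the Identity sign-in cookie.
    await _signInManager.SignOutAsync();
    // Redirect back to the client.
    return Redirect("http://localhost:4200");
}
```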

Instead of hardcoding the url of the client you can also use the PostLogoutRedirectUri that is passed by the client's call issued by signoutRedirect().
To access this parameter on the server, you can do the following:

```csharp
var context = await _interaction.GetLogoutContextAsync(logoutId);
return Redirect(context.PostLogoutRedirectUri);
```

... where _interaction is an IIdentityServerInteractionService.
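
The two snippets in the comment above, combined into one Logout action with a fallback for the case where the logout context carries no redirect URI. This is an added example, not code from the template or from any commenter; the `IdentityUser` user type, the constructor wiring and the `~/` fallback are assumptions.

```csharp
// Added example, not the template's code. Assumes IdentityServer4 with
// ASP.NET Core Identity; IdentityUser and the "~/" fallback are assumptions.
using System.Threading.Tasks;
using IdentityServer4.Services;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;

public class AccountController : Controller
{
    private readonly SignInManager<IdentityUser> _signInManager;
    private readonly IIdentityServerInteractionService _interaction;

    public AccountController(
        SignInManager<IdentityUser> signInManager,
        IIdentityServerInteractionService interaction)
    {
        _signInManager = signInManager;
        _interaction = interaction;
    }

    [HttpGet]
    public async Task<IActionResult> Logout(string logoutId)
    {
        // Remove the auth server's own session cookie first, so the next
        // authorize request cannot be answered silently from that session.
        await _signInManager.SignOutAsync();

        // Redirect only to the URI IdentityServer attached to this logout
        // context, never to a value read directly from the query string.
        var context = await _interaction.GetLogoutContextAsync(logoutId);
        var returnUri = context?.PostLogoutRedirectUri;

        if (string.IsNullOrEmpty(returnUri))
        {
            // No usable redirect target (for example, logoutId missing):
            // stay on the auth server instead of throwing on a null redirect.
            return Redirect("~/");
        }

        return Redirect(returnUri);
    }
}
```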


itorian commented Nov 25, 2019

> Got it finally working.
> On the client side, the only thing you have to do is to call the signoutRedirect() function (of oidc-client-js), which is already done in this template. This will call the End Session Endpoint (connect/endsession) of IdentityServer, which by default will redirect you to the Account/Logout route, but only if such a route exists (which is not the case in this template).
> So you have to create a Logout() method in the AccountController.cs class, where you call the SignOutAsync() method, which will revoke the cookie, and then you can redirect back to the client.
>
> ```csharp
> [HttpGet]
> public async Task<IActionResult> Logout(string logoutId)
> {
>     await _signInManager.SignOutAsync();
>     return Redirect("http://localhost:4200");
> }
> ```
>
> Instead of hardcoding the url of the client you can also use the PostLogoutRedirectUri that is passed by the client's call issued by signoutRedirect().
> To access this parameter on the server, you can do the following:
>
> ```csharp
> var context = await _interaction.GetLogoutContextAsync(logoutId);
> return Redirect(context.PostLogoutRedirectUri);
> ```
>
> ... where _interaction is an IIdentityServerInteractionService.

This is not the correct solution. What's the meaning of using an MVC controller action in an Angular app? By doing this you can't log out when the Angular app runs outside the .NET scope using 'ng serve'; the controller will not listen for your logout call.


itorian commented Nov 28, 2019

I had a similar issue, and to fix this you don't need .NET Core assemblies (check my comment above). Here's the resolution: IdentityServer/IdentityServer4#3854

Owner

mmacneil commented Jan 2, 2020

All fixed as of 64452e0

Thanks so much, @nkaenzig and @itorian for the feedback!

@mmacneil mmacneil closed this as completed Jan 2, 2020