
External Authentication - send logoff request #10090


henryand created

We are using combined Angular + .net5 version 10.1.

We are connecting to our client's OpenId Connect server for authentication. We recently added a routine for authorization to synchronize roles and organizations. We have now been asked to send a logout request to the auth server when the user logs out of our application. I assume this would entail sending a token to the logout endpoint. AspNetZero does not seem to have an external logout.

I added a parameter to the "OpenId" section of appSettings.json for "UserLogoutEndpoint": "https://..." I am, however, lost as to how to have the application send the request to that endpoint.

Thanks for any help you can provide on sending a logout request to an OpenId Connect endpoint.


6 Answer(s)
  • gterdem created
    Support Team

    You can make a request to end_session_endpoint. You can check identityserver endpoint at https://myidentityserver/.well-known/openid-configuration.

    However, trying to sign out all the clients (Single Sign-Out) is a different story: you need to implement either front-channel or back-channel logout, and I think that is not your case.

  • henryand created

    The goal is to just log out the user from the auth server that logged them in to the app.

    I created the path to the .well-known/openid-configuration using the same method that the login request is handled.
    ValidateToken doesn't seem like the right way to send the token. Is there some other method for making the request?

        // async Task instead of async void, so the caller can await it and see exceptions
        public async Task SendLogout(string token)
        {
            var issuer = ProviderInfo.AdditionalParams["LogoutUrl"];
            // Loads the provider metadata from the discovery document
            var configurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(
                issuer + "/.well-known/openid-configuration",
                new OpenIdConnectConfigurationRetriever(),
                new HttpDocumentRetriever());
            var validatedTokenResult = await ValidateToken(token, issuer, configurationManager);
        }
    
  • ismcagdas created
    Support Team
  • henryand created
    1. You can return the OpenID connect logout URL on TokenAuthController.cs

       I added a string output to the Logout to return the OpenId connect logoutUrl:

           public async Task<string> LogOut()

       I added a call to my previously posted function to get the LogoutUrl:

           return _openIdConnectAuthProviderApi.SendLogout();

       I added a string output to the SendLogout function from above to return the LogoutUrl:

           public string SendLogout()

    2. Then, handle it on Angular side here in app-auth.service.ts

       I added a parameter to the XmlHttpRequestHelper.ajax call. I added a redirect to the LogoutUrl.

           XmlHttpRequestHelper.ajax('GET', AppConsts.remoteServiceBaseUrl + '/api/TokenAuth/LogOut', customHeaders, null,
               (logoutUrl: string) => { // added: logoutUrl parameter
                   abp.auth.clearToken();
                   abp.auth.clearRefreshToken();
                   new LocalStorageService().removeItem(AppConsts.authorization.encrptedAuthTokenName);
                   if (reload !== false) {
                       if (returnUrl) { location.href = returnUrl; } else { location.href = ''; }
                   }
                   location.href = logoutUrl; // added: redirect to the LogoutUrl
               });
    

    I still don't know how to send the request to the external server Logout Endpoint as I asked in both previous questions.

            public string SendLogout()
            {
                var issuer = ProviderInfo.AdditionalParams["LogoutUrl"];
                var configurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(
                    issuer + "/.well-known/openid-configuration",
                    new OpenIdConnectConfigurationRetriever(),
                    new HttpDocumentRetriever());
                // var validatedTokenResult = await ValidateToken(token, issuer, configurationManager);

                return "THE URL FROM THE LOGOUT REQUEST GOES HERE BUT HOW DO I SEND THE REQUEST?";
            }
    

    Thank you

  • henryand created

    Or did you mean that the TokenAuthController should just send the LogoutUrl from the configuration file?

    Thanks

  • ismcagdas created
    Support Team

    Hi @henryand,

    > or did you mean that the TokenAuthController should just send the LogoutUrl from the configuration file?

    Yes, exactly.
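
The thread points at the provider's end_session_endpoint (from the discovery document) and at redirecting the browser to a logout URL. As an added example, not AspNetZero code and not posted by anyone in this thread, the sketch below builds that redirect URL with the parameters defined by OpenID Connect RP-Initiated Logout and checks the discovery document before trusting it. The function names, hosts, token and state value are hypothetical or constructed.

```typescript
// Added example (not AspNetZero code). Field names follow OpenID Connect Discovery
// and RP-Initiated Logout; every host, token and state value here is constructed.
interface DiscoveryDocument {
    issuer: string;
    end_session_endpoint?: string;
}

interface LogoutRequest {
    idToken: string;               // ID token from login, sent as id_token_hint
    postLogoutRedirectUri: string; // must be registered with the provider
    state: string;                 // random per-logout value, checked on return
}

function buildEndSessionUrl(expectedIssuer: string, doc: DiscoveryDocument, req: LogoutRequest): string {
    // The metadata must describe the issuer the user actually logged in with.
    if (doc.issuer !== expectedIssuer) {
        throw new Error('issuer mismatch in discovery document');
    }
    if (!doc.end_session_endpoint) {
        throw new Error('provider does not advertise end_session_endpoint');
    }
    const url = new URL(doc.end_session_endpoint);
    // The ID token travels in the query string, so refuse a plain-http endpoint.
    if (url.protocol !== 'https:') {
        throw new Error('end_session_endpoint must use https');
    }
    // searchParams.set keeps any query component the provider already put on the endpoint.
    url.searchParams.set('id_token_hint', req.idToken);
    url.searchParams.set('post_logout_redirect_uri', req.postLogoutRedirectUri);
    url.searchParams.set('state', req.state);
    return url.toString();
}

// When the provider sends the browser back, accept the return only if state matches.
function isExpectedLogoutReturn(returnedUrl: string, expectedState: string): boolean {
    return new URL(returnedUrl).searchParams.get('state') === expectedState;
}

// Constructed sample input
const sampleDiscovery: DiscoveryDocument = {
    issuer: 'https://idp.example.com',
    end_session_endpoint: 'https://idp.example.com/connect/endsession?tenant=a',
};
const sampleRequest: LogoutRequest = {
    idToken: 'eyJ.constructed.token',
    postLogoutRedirectUri: 'https://app.example.com/account/login',
    state: 'b3f1c2',
};
const sampleLogoutUrl = buildEndSessionUrl('https://idp.example.com', sampleDiscovery, sampleRequest);
```

In the Angular callback shown earlier, the returned string is what would be assigned to location.href after the local tokens are cleared.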