Base solution for your next web application
Starts in:
01 DAYS
01 HRS
01 MIN
01 SEC
Open Closed

IdentityServer logout after consent #7939


User avatar
0
Ricavir created

Hi,

I have activated IdentityServer in my project and linked login endpoint to a specific MVC Account controller. You helped me some days ago to build this controller.

Everything works for login process.

As an exemple, I'm able to authorize Zapier application to access my app API : the process is simple, Zapier calls my identityserver login endpoint with a returnurl. Then, the user can connect with its app credentials. I've configured identityserver to show a consent screen before giving access to the third party application (eg : Zapier).

My issue is that the authentication cookie (.AspNetCore.Identity.Application) is stored after this login process... normal, but for nexts app authorizations I'm automatically redirected to consent screen because previous user is still logged in. The only way to fix this is to manually remove the cookie.

The solution should be to log out the user from identityserver (https://identityserver4.readthedocs.io/en/latest/topics/signout.html)

But I don't konw where to do it... just before login process ? or just after consent ? In both cases, I don't know where to add logout code.

Do you have an idea where to do it ?


4 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team

    My issue is that the authentication cookie (.AspNetCore.Identity.Application) is stored after this login process... normal, but for nexts app authorizations I'm automatically redirected to consent screen because previous user is still logged in. The only way to fix this is to manually remove the cookie.

    In general, the cookie will be stored in the app's browser, and the second app will not conflict with the first one.

    I don't understand your process very much. Can you share some screenshots?

  • User Avatar
    0
    Ricavir created

    Sure :

    First connect to Zapier and try to authenticate to the app :

    then my app login screen is displayed (specific Account controller just for third party app authentications)

    After credential input, consent screen is displayed

    At this stage, user is logged in and a cookie has ben stored

    In this context, if user tries to connect again (for exemple to link zapier to another user account), it is not possible because previous user has not been logged out and consent screen is automatically displayed.

    Then the question is how to log user out : after first consent or before displaying login screen ?

  • User Avatar
    0
    maliming created
    Support Team

    For example, website A may have the function of logging in with github account, and it is also to github webpage. I enter the username and password to log in and call back to website A.

    In the same browser, I have both login status on both website A and Github. When I log in using github on site B, the github account will directly display the status of my login. This is normal behavior.

    Unless you log out on github, or notify github to log out at the same time when site A logs out(this feature requires github support, Identity server built-in support).

    The point is that you use the same browser.

  • User Avatar
    0
    ismcagdas created
    Support Team

    This issue is closed because it has not had recent activity for a long time.