I logged in using SSO and it worked.
Now I want to log out through SSO as well, but after checking, it seems that the Session Endpoint is not supported.
I call the Revoke endpoint instead, but after a successful revoke I am automatically logged in again.
How do I log out of SSO correctly?
.NET 7, OIDC
// Registers the OpenID Connect handler under the display name "SSO".
// Every client setting is read from the "SSO" configuration section.
authentication.AddOpenIdConnect(
    OpenIdConnectDefaults.AuthenticationScheme,
    "SSO",
    oidc =>
    {
        // Discovery document and client credentials.
        oidc.MetadataAddress = Configuration.GetValue<string>("SSO:MetadataAddress");
        oidc.ClientId = Configuration.GetValue<string>("SSO:ClientId");
        oidc.ClientSecret = Configuration.GetValue<string>("SSO:ClientSecret");

        // NOTE(review): CodeIdTokenToken is the hybrid "code id_token token" response type,
        // so an access token is also returned on the authorization response through the browser.
        // Prefer OpenIdConnectResponseType.Code if the identity provider's client registration
        // allows it -- confirm before changing.
        oidc.ResponseType = OpenIdConnectResponseType.CodeIdTokenToken;

        // Keeps the issued tokens in the authentication properties so the logout code can read
        // them back with GetTokenAsync. They then live wherever the sign-in scheme stores its
        // ticket (presumably the auth cookie -- verify), so that store must be protected.
        oidc.SaveTokens = true;
        oidc.GetClaimsFromUserInfoEndpoint = true;

        // Claim types used for the identity's name and role checks.
        oidc.TokenValidationParameters.NameClaimType = "name";
        oidc.TokenValidationParameters.RoleClaimType = "role";
    });
Logout code:
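/// <summary>
/// Runs the base log-off handling, then revokes the saved refresh and access tokens
/// at the endpoint configured under "SSO:RevokeEndpoint".
/// </summary>
/// <remarks>
/// Revocation only invalidates the tokens themselves. It does not end the browser session
/// at the identity provider and it does not clear the local authentication ticket, so a
/// later challenge can sign the user in again without a prompt. Ending the session needs a
/// local sign-out plus an identity-provider logout (or a forced re-authentication) -- confirm
/// what the provider supports.
/// </remarks>
protected override void OnLoggedOff()
{
    base.OnLoggedOff();
    if (!IsLoggedOn)
    {
        return;
    }

    HttpContext httpContext = ServiceProvider.GetRequiredService<IHttpContextAccessor>().HttpContext;
    if (httpContext == null)
    {
        // No current request, so there are no saved tokens to read.
        return;
    }

    var httpClient = ServiceProvider.GetRequiredService<IHttpClientFactory>().CreateClient();

    // Template holding the endpoint and client credentials; cloned once per token.
    using var template = new TokenRevocationRequest();
    template.Address = Configuration.GetValue<string>("SSO:RevokeEndpoint");
    template.ClientId = Configuration.GetValue<string>("SSO:ClientId");
    template.ClientSecret = Configuration.GetValue<string>("SSO:ClientSecret");

    // Revoke the refresh token as well: while it stays valid it can be exchanged for
    // new access tokens after the current one has been revoked.
    RevokeSavedToken("refresh_token");
    RevokeSavedToken("access_token");

    // Reads one saved token and revokes it; does nothing when the token was not saved.
    // The override returns void, so the async calls are awaited synchronously.
    void RevokeSavedToken(string tokenName)
    {
        var token = httpContext.GetTokenAsync(tokenName).GetAwaiter().GetResult();
        if (string.IsNullOrEmpty(token))
        {
            return;
        }

        using TokenRevocationRequest revocation = template.Clone<TokenRevocationRequest>();
        revocation.Token = token;
        revocation.TokenTypeHint = tokenName;

        var response = httpClient.RevokeTokenAsync(revocation).GetAwaiter().GetResult();
        if (response.IsError)
        {
            // Record the failure instead of dropping it; the token value is never logged.
            System.Diagnostics.Trace.TraceWarning(
                "SSO revocation of {0} failed: {1}", tokenName, response.Error);
        }
    }
}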