Reputation: 7469
I'm trying to get information about the client who initiated logout (like ClientId and display name).
But I can't get it from the request.
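Here is the LogOut action in the client application:

```csharp
[Route("/logout")]
[HttpGet]
public IActionResult LogOut()
{
    // Sign out of the local cookie scheme and of the OpenID Connect scheme,
    // then return to /status once the sign-out round trip completes.
    return SignOut(new AuthenticationProperties
    {
        RedirectUri = "/status"
    }, CookieAuthenticationDefaults.AuthenticationScheme, OpenIdConnectDefaults.AuthenticationScheme);
}
```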
From the HTTP request retrieved at the logout endpoint in OpenIddict server, the ClientId is null:

```csharp
HttpContext.GetOpenIddictServerRequest().ClientId; // Null
```

but these parameters are sent: `post_logout_redirect_uri`, `id_token_hint`, `state` with the request.
Is there a way to include the ClientId with the logout request? In the specs (https://openid.net/specs/openid-connect-rpinitiated-1_0.html#RPLogout) it's optional, so maybe it can be enabled/disabled somewhere?
Upvotes: 0
Views: 1098
Reputation: 42110
My recommendation is to use the OpenIddict client, which implements the latest draft of the RP-initiated logout specification and will send the `client_id` parameter for you. You can see it in action here: https://github.com/openiddict/openiddict-samples/tree/dev/samples/Velusia/Velusia.Client
Alternatively, if you prefer using the MSFT OIDC handler, you can use its event model - and more specifically the `OpenIdConnectEvents.OnRedirectToIdentityProviderForSignOut` event - to override the URL the user is redirected to when triggering a sign-out.
Upvotes: 1
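
The second option from the answer above, sketched as an added example (not code from the original answer or from the OpenIddict samples): the Microsoft OpenID Connect handler is configured so that the sign-out redirect carries `client_id`. The authority URL, client identifier and client secret are placeholder assumptions.

```csharp
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddAuthentication(options =>
    {
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie()
    .AddOpenIdConnect(options =>
    {
        // Placeholder values (assumptions, not taken from the question).
        options.Authority = "https://auth.example.com/";
        options.ClientId = "example-client";
        options.ClientSecret = "<client-secret>";
        options.ResponseType = "code";

        // Stores the tokens in the authentication cookie; the handler reads
        // the saved id_token from there to send it as id_token_hint.
        options.SaveTokens = true;

        options.Events = new OpenIdConnectEvents
        {
            // Raised just before the browser is redirected to the
            // end-session endpoint of the identity provider.
            OnRedirectToIdentityProviderForSignOut = context =>
            {
                // Add client_id to the logout request unless it is already set.
                if (string.IsNullOrEmpty(context.ProtocolMessage.ClientId))
                {
                    context.ProtocolMessage.ClientId = context.Options.ClientId;
                }
                return Task.CompletedTask;
            }
        };
    });

builder.Services.AddControllers();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.Run();
```

With this in place, `client_id` accompanies `id_token_hint` on the end-session request. The RP-initiated logout specification requires the OP to verify that the two refer to the same client when both are present.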