[英]ASP.NET Core Web Api controller end points are all returning 404 error
[英]ASP.NET Core 6 OAuth2 Logout - returning 404 error
我正在尝试为 ASP.NET Core 6.0 MVC 应用程序实现注销功能(Web API 不是一个单独的项目)。
但是,当我尝试注销应用程序时,出现 404 Bad Request - 错误:
'post_logout_redirect_uri' 参数必须是客户端应用程序设置中的注销重定向 URI
这是program.cs
:
appBuilder.Services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
{
options.ExpireTimeSpan = TimeSpan.FromMinutes(10);
options.SlidingExpiration = true;
})
.AddOpenIdConnect(options =>
{
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.Authority = config.GetValue<string>("Okta:Domain");
options.ClientId = config.GetValue<string>("Okta:ClientId");
options.ClientSecret = config.GetValue<string>("Okta:ClientSecret");
options.GetClaimsFromUserInfoEndpoint = true;
options.ResponseType = OpenIdConnectResponseType.Code;
options.UseTokenLifetime = true;
options.Scope.Add("openid");
options.Scope.Add("profile");
options.Scope.Add("email");
options.SaveTokens = true;
options.UseTokenLifetime = true;
options.RequireHttpsMetadata = true;
options.CallbackPath = "/signin-oidc";
options.SignedOutRedirectUri = "/Home/Logout";
if (config.GetValue<string>("env") != "localhost")
{
var proxyUri = new WebProxy(new Uri(config["ProxyURL"]), BypassOnLocal: false);
var proxyHttpClientHandler = new HttpClientHandler
{
Proxy = proxyUri,
UseProxy = true,
SslProtocols = System.Security.Authentication.SslProtocols.Tls | System.Security.Authentication.SslProtocols.Tls11 | System.Security.Authentication.SslProtocols.Tls12
};
var httpClient = new HttpClient(proxyHttpClientHandler)
{
Timeout = TimeSpan.FromMinutes(10)
};
options.BackchannelHttpHandler = new HttpClientHandler
{
ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => true,
Proxy = proxyHttpClientHandler.Proxy,
};
}
options.Events = new OpenIdConnectEvents
{
OnRedirectToIdentityProvider = async ctx =>
{
ctx.ProtocolMessage.RedirectUri = config.GetValue<string>("Okta:RedirectUri");
await Task.FromResult(0);
},
OnRedirectToIdentityProviderForSignOut = async ctx =>
{
ctx.ProtocolMessage.PostLogoutRedirectUri = config.GetValue<string>("Okta:PostLogoutRedirectUri");
await Task.CompletedTask;
},
OnUserInformationReceived = async context =>
{
string rAccessToken = context.ProtocolMessage.AccessToken;
string rIdToken = context.ProtocolMessage.IdToken;
var handler = new JwtSecurityTokenHandler();
var accessToken = handler.ReadJwtToken(rAccessToken);
var idToken = handler.ReadJwtToken(rIdToken);
},
OnTicketReceived = async context =>
{
},
OnAuthenticationFailed = async context =>
{
},
OnSignedOutCallbackRedirect = async context =>
{
}
};
});
appBuilder.Services.AddAuthorization();
appsettings.json
:
"Okta": {
"ClientId": "123Ac0n28iK9MH3Oc297",
"ClientSecret": "325twLwoWrgBY6ep-Imgsrg43_12cIo6jA993j2VU",
"Domain": "https://login-bb.zzz/oauth2/default",
"PostLogoutRedirectUri": "https://localhost:22334/signout-callback-oidc",
"RedirectUri": "https://localhost:22334/signin-oidc",
"SignOutRedirectUri": "https://localhost:22334/signout-oidc"
},
控制器:
[HttpPost]
public async Task Logout()
{
if (User.Identity.IsAuthenticated)
{
await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
await HttpContext.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme);
}
}
如果将PostLogoutRedirectUri
设置为 NULL,它会退出应用程序并重定向到登录页面。 但是,在登录后,它不会将我带回应用程序,而是将我重定向到 okta 主页。
我很欣赏这方面的任何提示。
从未使用过 OKTA API,但出于好奇并查看了 API 文档。 据我所见,您的 appsettings.json 的命名法可能不正确。 您有“PostLogoutRedirectUri”,API 文档显示将 PostLogoutRedirectUri 的 json 设置为“end_session_redirect_uri”
还说明了这...
如果您不指定 post_logout_redirect_uri,则浏览器将重定向到 Okta 登录页面
如果 API 端点正在寻找“end_session_redirect_uri”但没有得到它,则可能它会将其视为未在上述引述中指定。
向下滚动到...“定义注销回调”部分。
就像我上面说的,从未使用过 Okta 只是对此感到好奇。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.