[英]No auto-redirect on IdentityServer3 logout endpoint
我無法弄清楚我在做什么錯。 我已經在身份服務器3中獲得了幾乎所有可用的功能,而且我不認為自己是那里的新手,但在使用生成的鏈接注銷后,我真的很難從javascript應用程序自動重定向到我選擇的重定向URL。 為了簡潔起見,省略了一些內容(例如完整的jwt令牌)。
這是我的要求:
https://identity.mysite.com/id/connect/endsession?id_token_hint=jwt-id-token&post_logout_redirect_uri=http://localhost:3000/
這是客戶端配置:
new Client
{
ClientName = "Website User",
ClientId = "webuser",
Flow = Flows.AuthorizationCode,
RequireConsent = false,
AllowedCorsOrigins = new List<string>()
{
CloudConfigurationManager.GetSetting("Auth:CorsOriginPrimary"),
CloudConfigurationManager.GetSetting("Auth:CorsOriginSecondary"),
},
RedirectUris = new List<string>
{
CloudConfigurationManager.GetSetting("Auth:RedirectUri"),
CloudConfigurationManager.GetSetting("Auth:SecondaryRedirectUri"),
CloudConfigurationManager.GetSetting("Auth:TertiaryRedirectUri")
},
ClientSecrets = new List<Secret>
{
new Secret(CloudConfigurationManager.GetSetting("WebUser:Secret").Sha256())
},
PostLogoutRedirectUris = new List<string>
{
CloudConfigurationManager.GetSetting("Auth:WebPostLogoutUri"),
CloudConfigurationManager.GetSetting("Auth:WebPostLogoutUri:Local")
},
AllowAccessToAllScopes = true
},
這是工廠配置(CORS)的東西:
var corsPolicy = new DefaultCorsPolicyService
{
AllowedOrigins = new[]
{
"https://storageurl.blob.core.windows.net",
CloudConfigurationManager.GetSetting("Auth:CorsOriginPrimary"),
CloudConfigurationManager.GetSetting("Auth:CorsOriginSecondary")
},
AllowAll = true
};
當然,AllowAll = true真的只是我試圖使其正常工作。
以下是相關的配置條目:
<add key="Auth:RedirectUri" value="http://localhost:3000/_oauth/oidc/" />
<add key="Auth:SecondaryRedirectUri" value="http://mysiteloc.com:3000/_oauth/oidc" />
<add key="Auth:TertiaryRedirectUri" value="http://localhost:3000/_oauth/oidc" />
<add key="Auth:CorsOriginPrimary" value="http://localhost:3000" />
<add key="Auth:CorsOriginSecondary" value="http://mysiteloc.com:3000" />
<add key="Auth:WebPostLogoutUri" value="http://localhost:3000/" />
<add key="Auth:WebPostLogoutUri:Local" value="http://mysiteloc:3000/" />
然后是日志。 看起來CORS可能有問題,但是我不確定。 我本以為允許在工廠配置和客戶端配置中使用源就足夠了,但是我仍然遇到問題。
2017-01-30 16:52:14.2034 INFO: Redirecting to logout page
2017-01-30 16:52:14.2465 INFO: Logout prompt for subject: 2054e687-777b-4ca3-bb20-ee59d8a1dc28
2017-01-30 16:52:14.2465 INFO: EnableSignOutPrompt set to false, performing logout
2017-01-30 16:52:14.2465 INFO: Logout endpoint submitted
2017-01-30 16:52:14.2465 INFO: Logout requested for subject: 2054e687-777b-4ca3-bb20-ee59d8a1dc28
2017-01-30 16:52:14.2465 INFO: Clearing cookies
2017-01-30 16:52:14.2580 INFO: rendering logged out page
2017-01-30 16:52:14.5831 INFO: CSP Report endpoint requested
2017-01-30 16:52:14.5831 INFO: CSP Report data: {"csp-report":{"document-uri":"https://identity.mysite.com/id/logout","referrer":"http://localhost:3000/reservations/purchase","violated-directive":"script-src 'self' ","effective-directive":"script-src","original-policy":"default-src 'self'; script-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src *; font-src 'self' https://storageurl.blob.core.windows.net/; report-uri https://identity.mysite.com/id/csp/report","blocked-uri":"eval","line-number":174,"column-number":361,"source-file":"https://identity.mysite.com/id/assets/scripts.2.5.0.js","status-code":0}}
2017-01-30 16:52:14.5831 INFO: Rendering 204
2017-01-30 16:52:14.7738 INFO: End session callback requested
2017-01-30 16:52:14.7738 DEBUG: No client end session iframe URLs
您可以幫助我的任何事情都會令人贊嘆。 我以為也許需要在這里傳遞授權碼,而不是實際的ID令牌,但是我看過其他示例,它們在其中傳遞了ID令牌,效果很好。 我想念什么?
編輯:在Chrome中查看“網絡”標簽時,看起來原始的endsession端點也將我重定向到endsessioncallback?sid = [some-sort-of-id]。 這是正常行為嗎?
https://identityserver.github.io/Documentation/docsv2/configuration/authenticationOptions.html
EnablePostSignOutAutoRedirect(默認值:false)?
如果您尚未觸摸此屬性,則可能是這樣。
將IdentityServer3與獨立EXE一起使用(不使用'redirect_uri'嗎?)
[英]Using IdentityServer3 with a standalone EXE (without using 'redirect_uri'?)
將IdentityServer3與單頁應用程序一起使用(UseIdentityServerBearerTokenAuthentication)
[英]Using IdentityServer3 with Single Page App (UseIdentityServerBearerTokenAuthentication)
如何從JavaScript請求IdentityServer3客戶端訪問令牌?
[英]How to request IdentityServer3 client access token from JavaScript?
IdentityServer3 ResourceOwner Angular請求返回400錯誤請求
[英]IdentityServer3 ResourceOwner Angular request returns 400 Bad request
IdentityServer3和使用Javascript的隱式流-如何處理client_secret
[英]IdentityServer3 & Implicit flow with Javascript - How is client_secret handled
無法從JavaScript客戶端訪問Thinktecture IdentityServer3上的登錄
[英]Cannot access login on Thinktecture IdentityServer3 from JavaScript client
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.