sign out does not properly work about angularaspnetcoreoauth HOT 8 CLOSED

Got it finally working.
On the client side, the only thing you have to do is to call the signoutRedirect() function (of oicd-client-js), which is already done in this template. This will call the End Session Endpoint (connect/endsession) of IdentityServer, which by default will redirect you to the Account/Logout route, but only if such a route exists (which is not the case in this template).
So you have to create a Logout() method in the AccountController.cs class, where you call the SignOutAsync() method, which will revoke the cookie, and then you can redirect back to the client.

[HttpGet]
        public async Task<IActionResult> Logout(string logoutId)
        {
            await _signInManager.SignOutAsync();
            return Redirect("http//:localhost:4200");
        }

Instead of hardcoding the url of the client you can also use the PostLogoutRedirectUri that is passed by the client's call issued by signoutRedirect().
To access this parameter on the server, you can do the following:

var context = await _interaction.GetLogoutContextAsync(logoutId); return Redirect(context.PostLogoutRedirectUri);
... where _interaction is a IIdentityServerInteractionService.

from angularaspnetcoreoauth.

It works for me. One possible reason is that you might click the 'Remember me' when you made first login. Another possible reason for this is that authentication token is still in the local storage. Try to clean the browser history and it might jump out the trap.

from angularaspnetcoreoauth.

Doesn't work for me either. The signout() function doesn't delete the cookie. (I did not select 'Remember me' during the login)

from angularaspnetcoreoauth.

Doesn't work for me either. The signup() function doesn't delete the cookie. (I did not select 'Remember me' during the login)

Do you mean 'Sign out' instead of 'Sign up'? If so, yes, there's a problem in delete token cookie. Probably it's some unknown bugs in IdentityServer4. Since there's only one redirect method called in Signout. I'm also trying to fix this problem.

from angularaspnetcoreoauth.

Doesn't work for me either. The signup() function doesn't delete the cookie. (I did not select 'Remember me' during the login)

Do you mean 'Sign out' instead of 'Sign up'? If so, yes, there's a problem in delete token cookie. Probably it's some unknown bugs in IdentityServer4. Since there's only one redirect method called in Signout. I'm also trying to fix this problem.

Yes I meant "Sign Out", thank you. It also seems to me that it's a bug in Identity Server. The signoutRedirect() in your code calls properly the End Session endpoint, with the id_token_hint and post_logout_redirect_uri parameters set (I checked that in Fiddler).

Did this also occur in earlier versions of Identity Server or do you know a version where it works?
Or maybe do you know of another way to solve this? (There has to be, as many pages use IdentityServer in production, and it's recommended by Microsoft...)

Btw: I opened the following issue on the IdentityServer hub:
IdentityServer/IdentityServer4#3593

from angularaspnetcoreoauth.

Got it finally working.
On the client side, the only thing you have to do is to call the signoutRedirect() function (of oicd-client-js), which is already done in this template. This will call the End Session Endpoint (connect/endsession) of IdentityServer, which by default will redirect you to the Account/Logout route, but only if such a route exists (which is not the case in this template).
So you have to create a Logout() method in the AccountController.cs class, where you call the SignOutAsync() method, which will revoke the cookie, and then you can redirect back to the client.

[HttpGet]
        public async Task<IActionResult> Logout(string logoutId)
        {
            await _signInManager.SignOutAsync();
            return Redirect("http//:localhost:4200");
        }

Instead of hardcoding the url of the client you can also use the PostLogoutRedirectUri that is passed by the client's call issued by signoutRedirect().
To access this parameter on the server, you can do the following:

var context = await _interaction.GetLogoutContextAsync(logoutId); return Redirect(context.PostLogoutRedirectUri);
... where _interaction is a IIdentityServerInteractionService.

This is not correct solution, what's the meaning of using MVC controller action in angular app? By doing this you can't logout when angular app runs outside .net scope and using 'ng serve', controller will not listen your logout call.

from angularaspnetcoreoauth.

I had similar issue and to fix this you don't need .net core assemblies (check my above comment), here's the resolution IdentityServer/IdentityServer4#3854

from angularaspnetcoreoauth.

All fixed as of 64452e0

Thanks so much, @nkaenzig and @itorian for the feedback!

from angularaspnetcoreoauth.