IdentityServer4 LogoutId



If, like me, you have been working on an IdentityServer4 project, you may have seen that a lot of the sample projects contain a Logout method which accepts one parameter, logoutId. I spent a while trying to understand how my clients were supposed to know what this logoutId is in order to log out of the identity server session. In this post I am going to show you how we should be logging our clients out of the identity server.



Logout

On your identity server you probably have a method that looks a little bit like this. We don't actually call this method ourselves; we let IdentityServer call it. Our clients should be hitting the end session endpoint, not this.


        [HttpGet]
        public async Task<IActionResult> Logout(string logoutId)
        {
            // Look up the logout request that IdentityServer stored under this logoutId.
            var logout = await _interaction.GetLogoutContextAsync(logoutId);

            var vm = new LoggedOutViewModel
            {
                PostLogoutRedirectUri = logout?.PostLogoutRedirectUri,
                ClientName = logout?.ClientId,
                SignOutIframeUrl = logout?.SignOutIFrameUrl
            };

            // Sign the user out of the identity server's own session.
            await _httpContextAccessor.HttpContext.SignOutAsync();
            _logger.LogDebug("User logged out.");
            return View("LoggedOut", vm);
        }

End session endpoint

The end session endpoint is used to trigger single sign-out of a user from the identity server (see spec).

When you set up your client for logging in, you must add a LogoutRedirectUri; this is where the end session will be returned to. Think of it like a redirect URI, only for logging out. Once you make a call to the end session endpoint, a client application will redirect the user’s browser to this URL.

GET /connect/endsession?id_token_hint={TOKENID}
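
As an added example (not code from the original post or from IdentityServer4), this is one way a client could build that end session request and check the redirect that comes back. The class and method names, hosts and token are assumptions; post_logout_redirect_uri and state are parameters of the OpenID Connect logout request that the post does not show.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;

// Hypothetical helper class; the names are chosen for this example only.
public static class EndSessionExample
{
    // Builds the URL the client sends the user's browser to in order to log out.
    public static string BuildEndSessionUrl(string authority, string idToken,
        string postLogoutRedirectUri, string state)
    {
        // This example always sends the id_token from login as id_token_hint.
        if (string.IsNullOrEmpty(idToken))
            throw new ArgumentException("The id_token from login is required.", nameof(idToken));

        var query = new Dictionary<string, string>
        {
            ["id_token_hint"] = idToken,
            ["post_logout_redirect_uri"] = postLogoutRedirectUri,
            ["state"] = state
        };
        // Percent-encode every value so a token or URI cannot break out of its parameter.
        var encoded = query.Select(p => p.Key + "=" + Uri.EscapeDataString(p.Value));
        return authority.TrimEnd('/') + "/connect/endsession?" + string.Join("&", encoded);
    }

    // Random value the client stores before redirecting and compares on return.
    public static string NewState()
    {
        var bytes = new byte[16];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(bytes);
        return BitConverter.ToString(bytes).Replace("-", "");
    }

    // True only when the state on the post-logout redirect matches the stored one.
    public static bool IsExpectedReturn(string storedState, string returnedState) =>
        !string.IsNullOrEmpty(storedState) &&
        string.Equals(storedState, returnedState, StringComparison.Ordinal);

    public static void Main()
    {
        // Constructed sample values: placeholder authority, token and redirect URI.
        var state = NewState();
        var url = BuildEndSessionUrl("https://identity.example.com", "eyJ.sample.token",
            "https://app.example.com/signout-callback", state);
        Console.WriteLine(url);
        Console.WriteLine(IsExpectedReturn(state, state));
        Console.WriteLine(IsExpectedReturn(state, "tampered"));
    }
}
```

The client should keep the generated state in the user's session before redirecting, and ignore a post-logout callback whose state does not match it.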

Conclusion

Logging a client out of IdentityServer4 is done by making a call to the end session endpoint. Once the user is signed out, they will be directed back to your application via the LogoutRedirectUri. You can read more about it here: End Session Endpoint.



Linda Lawton

About Linda Lawton

My name is Linda Lawton. I have more than 20 years' experience working as an application developer and a database expert. I have also been working with Google APIs since 2012 and I have been contributing to the Google .Net client library since 2013. In 2013 I became a Google Developer Expert for Google Analytics.
