connect/endsession 404 about identityserver4 HOT 19 CLOSED

yes - this is not done yet.

from identityserver4.

OK thanks, and will it work with the jti property from the token?

from identityserver4.

?

from identityserver4.

Client Config on server:
IncludeJwtId= true,

I use response_type = "token".

Then I would like to logout like this:

 // /connect/endsession?id_token_hint={jti property from token}&post_logout_redirect_uri=https://localhost:44347/unauthorized.html
        var Logoff = function () {
            var token = localStorageService.get("authorizationData");
            var data = getDataFromToken(token);

            var authorizationUrl = 'https://localhost:44345/connect/endsession';
            var id_token_hint = data.jti;
            var post_logout_redirect_uri = 'https://localhost:44347/unauthorized.html';
            var state = Date.now() + "" + Math.random();

            var url =
                authorizationUrl + "?" +
                "id_token_hint=" + id_token_hint + "&" +
                "post_logout_redirect_uri=" + encodeURI(post_logout_redirect_uri) + "&" +
                "state=" + encodeURI(state);

            ResetAuthorizationData();
            $window.location = url;
        }

Possible?

Thanks Damien

from identityserver4.

it is not implemented yet - don't try to work around that ;)

Jti is not meant for logout.

from identityserver4.

We'll have an update to idsrv4 once rc2 is released.

from identityserver4.

When it is implemented, sometime after RC2 release, how will logout be supported when using response_type="token" then?

Greetings Damien

from identityserver4.

since token on its own would be OAuth 2.0 and not OpenID Connect - there is no logout.

from identityserver4.

Why do you support response_type="token" if you cannot logout then?

from identityserver4.

logout is part of the openid connect spec. OAuth 2.0 on its own is not an authentication protocol (hence no logout).

You can still logout of identityserver of course.

I can see that this is confusing ;)

from identityserver4.

Well you always said we should use OpenId connect. Have to re-implement now... It's not so easy to implement "id_token token" in javascript.

Thanks Damien

from identityserver4.

JS is not that bad -- you can look into the oidc-client/oidc-token-manager, or just use the idtoken validation endpoint:

https://identityserver.github.io/Documentation/docsv2/endpoints/identityTokenValidation.html

from identityserver4.

Also, here's a link to a relevant video: https://vimeo.com/131636653

from identityserver4.

Thanks, got it working, was missing the openid scope in the request. Thanks for the link, I look forward to watching it.

Greetings Damien

from identityserver4.

Hi there

Any idea about the ETA of RC2?

Looking forward to be able to use the Session logout feature.

from identityserver4.

No

https://github.com/aspnet/Home/wiki/Roadmap

from identityserver4.

Any work happening on this guys?

from identityserver4.

Looking forward to a solution on this one :-)

from identityserver4.

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

from identityserver4.