3

I am using Facebook login authentication in an Angular app with IdentityServer4. In the logout method, PostLogoutRedirectUri, ClientName and LogoutId are always null.

    private async Task<LoggedOutViewModel> BuildLoggedOutViewModelAsync(string logoutId)
    {
        // get context information (client name, post logout redirect URI and iframe for federated signout)
        var logout = await _interaction.GetLogoutContextAsync(logoutId);

        var vm = new LoggedOutViewModel
        {
            AutomaticRedirectAfterSignOut = AccountOptions.AutomaticRedirectAfterSignOut,
            PostLogoutRedirectUri = logout?.PostLogoutRedirectUri,
            ClientName = string.IsNullOrEmpty(logout?.ClientName) ? logout?.ClientId : logout?.ClientName,
            SignOutIframeUrl = logout?.SignOutIFrameUrl,
            LogoutId = logoutId
        };

        if (User?.Identity.IsAuthenticated == true)
        {
            var idp = User.FindFirst(JwtClaimTypes.IdentityProvider)?.Value;
            if (idp != null && idp != IdentityServer4.IdentityServerConstants.LocalIdentityProvider)
            {
                var providerSupportsSignout = await HttpContext.GetSchemeSupportsSignOutAsync(idp);
                if (providerSupportsSignout)
                {
                    if (vm.LogoutId == null)
                    {
                        // if there's no current logout context, we need to create one
                        // this captures necessary info from the current logged in user
                        // before we signout and redirect away to the external IdP for signout
                        vm.LogoutId = await _interaction.CreateLogoutContextAsync();
                    }

                    vm.ExternalAuthenticationScheme = idp;
                }
            }
        }

        return vm;
    }

Angular oidc client code

    logout(): Promise<any> {
        return this._userManager.signoutRedirect();
    }

Client setup

        public IEnumerable<Client> GetClients()
        {
            var client = new List<Client>
            {
                new Client
                {
                    ClientId = ConstantValue.ClientId,
                    ClientName = ConstantValue.ClientName,
                    AllowedGrantTypes = GrantTypes.Implicit,
                    AllowAccessTokensViaBrowser = true,
                    RequireConsent = false,
                    RedirectUris =
                    {
                        string.Format("{0}/{1}", Configuration["IdentityServerUrls:ClientUrl"], "assets/oidc-login-redirect.html"),
                        string.Format("{0}/{1}", Configuration["IdentityServerUrls:ClientUrl"], "assets/silent-redirect.html")
                    },
                    PostLogoutRedirectUris = { string.Format("{0}?{1}", Configuration["IdentityServerUrls:ClientUrl"], "postLogout=true") },
                    AllowedCorsOrigins = { Configuration["IdentityServerUrls:ClientUrl"] },

                    AllowedScopes =
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        ConstantValue.ClientDashApi
                    },
                    IdentityTokenLifetime = 120,
                    AccessTokenLifetime = 120
                },
            };
            return client;
        }

id added

logoutId is always null. I am able to log in to Facebook successfully and return to the callback method, but the redirect URI is always null.

Reference: IdentityServer4 PostLogoutRedirectUri null

San Jaisy
  • Can you check if you're passing your ID-token to IdentityServer? It needs that to get the correct post logout redirect uri. – Espen Medbø Dec 18 '18 at 11:48
  • I have added a screenshot of the id token hint which is passed. Can you let me know if I am doing this correctly? – San Jaisy Dec 19 '18 at 00:20

2 Answers

9

This may not be your issue, but it was my issue when I got the same error as you so I am posting my own experience here.

I was following along in a Pluralsight video that was constructing an Angular app using IdentityServer4 as the STS Server, and it directed me to set the post_logout_redirect_uri in the configuration for my UserManager in the AuthService I was constructing, like so:

    var config = {
        authority: 'http://localhost:4242/',
        client_id: 'spa-client',
        redirect_uri: `${Constants.clientRoot}assets/oidc-login-redirect.html`,
        scope: 'openid projects-api profile',
        response_type: 'id_token token',
        post_logout_redirect_uri: `${Constants.clientRoot}`,
        userStore: new WebStorageStateStore({ store: window.localStorage })
    }
    this._userManager = new UserManager(config);

An old issue at the GitHub repo https://github.com/IdentityServer/IdentityServer4/issues/396 discussed the fact that this is set automatically now and doesn't need to be set explicitly (see the end of the thread). Once I removed that from the configuration I no longer had the issue where logoutId was null in the AccountController's Logout method:

/// <summary>
/// Show logout page
/// </summary>
[HttpGet]
public async Task<IActionResult> Logout(string logoutId)

So this was the correct setup for the config for me:

    var config = {
        authority: 'http://localhost:4242/',
        client_id: 'spa-client',
        redirect_uri: `${Constants.clientRoot}assets/oidc-login-redirect.html`,
        scope: 'openid projects-api profile',
        response_type: 'id_token token',
        userStore: new WebStorageStateStore({ store: window.localStorage })
    }
    this._userManager = new UserManager(config);
James Eby
0

I had a similar issue and for a few hours I was lost. In my case the value/url I had in angular for post_logout_redirect_uri (in the UserManagerSettings) was different than the value/url I had in my IdentityServer4 in the field PostLogoutRedirectUris of the Client configuration. I messed up the routes. It's a silly mistake but sometimes you miss the simple things.

Alfonso Muñoz
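
The two checks raised in the comment and answers above (an id_token_hint on the signout request, and a post_logout_redirect_uri that matches an entry in the client's PostLogoutRedirectUris) can be run against a captured signout URL. This is an added diagnostic example, not code from the posts, oidc-client or IdentityServer4; the function names, the constructed client URL http://localhost:4200, the dummy token and the case-insensitive whole-string comparison are assumptions.

```javascript
// Added example: diagnose an OIDC end-session (signout) request URL.
// Hypothetical helpers; sample values below are constructed.
const END_SESSION = 'http://localhost:4242/connect/endsession';

function buildSignoutUrl(params) {
  return `${END_SESSION}?${new URLSearchParams(params)}`;
}

function sameOrigin(a, b) {
  try { return new URL(a).origin === new URL(b).origin; } catch { return false; }
}

// Returns a list of problems; an empty list means both checks passed.
function diagnoseSignoutUrl(signoutUrl, registeredPostLogoutUris) {
  const params = new URL(signoutUrl).searchParams;
  const idTokenHint = params.get('id_token_hint');
  const requested = params.get('post_logout_redirect_uri');
  const issues = [];

  // Without the hint the server cannot identify the client, so the
  // logout context has no ClientName or PostLogoutRedirectUri.
  if (!idTokenHint) {
    issues.push('id_token_hint missing: client cannot be identified');
  } else if (idTokenHint.split('.').length !== 3) {
    issues.push('id_token_hint is not a three-part JWT');
  }

  if (requested) {
    // Assumption: the server compares whole strings, ignoring case.
    // A trailing slash or a missing query string is a mismatch.
    const match = registeredPostLogoutUris.some(
      (u) => u.toLowerCase() === requested.toLowerCase());
    if (!match) {
      const near = registeredPostLogoutUris.find((u) => sameOrigin(u, requested));
      issues.push(near
        ? `post_logout_redirect_uri "${requested}" differs from registered "${near}"`
        : `post_logout_redirect_uri "${requested}" is not registered`);
    }
  }
  return issues;
}

// Constructed sample: server registers "{ClientUrl}?postLogout=true".
const REGISTERED = ['http://localhost:4200?postLogout=true'];
const sampleUrl = buildSignoutUrl({
  id_token_hint: 'aaa.bbb.ccc',
  post_logout_redirect_uri: 'http://localhost:4200/',
});
console.log(diagnoseSignoutUrl(sampleUrl, REGISTERED));
```

The signout URL to feed in can be copied from the browser's network tab when `signoutRedirect()` navigates to the end-session endpoint.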