-1

I have an Angular app that integrates with IdentityServer4 with implicit flow and the angular-oauth2-oidc library.

Everything seems to work fine, I can log in; and access token is available.

If I click the logout button, I handle it like:

logout() {    
   this.oauthService.logOut();    
}

...and I'm redirected to Identity Server, where it asks me if I really want to log out.

My question is whether I can bypass that prompt? I mean, I want to log out completely if the button is clicked and redirected back to the Angular site, without the need to confirm it?

How can this be achieved?

EDIT: as mentioned in the other answers, it should work if you pass id_token_hint. So I did:

logout() {
    this.oauthService.customQueryParams = {
        'id_token_hint': this.oauthService.getIdToken()
    };    
    this.oauthService.logOut();    
}

But it doesn't make any difference.

L-Four
  • 13,345
  • 9
  • 65
  • 109
  • 1
    Possible duplicate of [Skip logout prompt for IdentityServer4](https://stackoverflow.com/questions/48659718/skip-logout-prompt-for-identityserver4) – Matt Hensley Feb 20 '19 at 21:43
  • See https://stackoverflow.com/a/49114796/5751404 also .set current id token to `id_token_hint` when sending logout request . – Nan Yu Feb 21 '19 at 06:35

1 Answers1

0

There were two issues I needed to fix in order to make this work.

In IdentityServer, AccountOptions class, I had to set this property to true instead of false:

public static bool AutomaticRedirectAfterSignOut = true;

Next, In IdentityServer client configuration, I had to define the post logout redirect uri:

PostLogoutRedirectUris = new List<string> {"http://...."}

That did it. I did not have to change anything in the Angular client.

L-Four
  • 13,345
  • 9
  • 65
  • 109