我正在尝试实现ASP.NETCore6.0MVC应用程序的注销功能(WebAPI不是一个单独的项目)。
然而,当我尝试注销应用程序时,我得到404错误请求-错误:
post_logout_redirect_uri "参数必须是客户端应用程序设置中的注销重定向URI
下面是program.cs:
appBuilder.Services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
{
options.ExpireTimeSpan = TimeSpan.FromMinutes(10);
options.SlidingExpiration = true;
})
.AddOpenIdConnect(options =>
{
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.Authority = config.GetValue<string>("Okta:Domain");
options.ClientId = config.GetValue<string>("Okta:ClientId");
options.ClientSecret = config.GetValue<string>("Okta:ClientSecret");
options.GetClaimsFromUserInfoEndpoint = true;
options.ResponseType = OpenIdConnectResponseType.Code;
options.UseTokenLifetime = true;
options.Scope.Add("openid");
options.Scope.Add("profile");
options.Scope.Add("email");
options.SaveTokens = true;
options.UseTokenLifetime = true;
options.RequireHttpsMetadata = true;
options.CallbackPath = "/signin-oidc";
options.SignedOutRedirectUri = "/Home/Logout";
if (config.GetValue<string>("env") != "localhost")
{
var proxyUri = new WebProxy(new Uri(config["ProxyURL"]), BypassOnLocal: false);
var proxyHttpClientHandler = new HttpClientHandler
{
Proxy = proxyUri,
UseProxy = true,
SslProtocols = System.Security.Authentication.SslProtocols.Tls | System.Security.Authentication.SslProtocols.Tls11 | System.Security.Authentication.SslProtocols.Tls12
};
var httpClient = new HttpClient(proxyHttpClientHandler)
{
Timeout = TimeSpan.FromMinutes(10)
};
options.BackchannelHttpHandler = new HttpClientHandler
{
ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => true,
Proxy = proxyHttpClientHandler.Proxy,
};
}
options.Events = new OpenIdConnectEvents
{
OnRedirectToIdentityProvider = async ctx =>
{
ctx.ProtocolMessage.RedirectUri = config.GetValue<string>("Okta:RedirectUri");
await Task.FromResult(0);
},
OnRedirectToIdentityProviderForSignOut = async ctx =>
{
ctx.ProtocolMessage.PostLogoutRedirectUri = config.GetValue<string>("Okta:PostLogoutRedirectUri");
await Task.CompletedTask;
},
OnUserInformationReceived = async context =>
{
string rAccessToken = context.ProtocolMessage.AccessToken;
string rIdToken = context.ProtocolMessage.IdToken;
var handler = new JwtSecurityTokenHandler();
var accessToken = handler.ReadJwtToken(rAccessToken);
var idToken = handler.ReadJwtToken(rIdToken);
},
OnTicketReceived = async context =>
{
},
OnAuthenticationFailed = async context =>
{
},
OnSignedOutCallbackRedirect = async context =>
{
}
};
});
appBuilder.Services.AddAuthorization();appsettings.json:
"Okta": {
"ClientId": "123Ac0n28iK9MH3Oc297",
"ClientSecret": "325twLwoWrgBY6ep-Imgsrg43_12cIo6jA993j2VU",
"Domain": "https://login-bb.zzz/oauth2/default",
"PostLogoutRedirectUri": "https://localhost:22334/signout-callback-oidc",
"RedirectUri": "https://localhost:22334/signin-oidc",
"SignOutRedirectUri": "https://localhost:22334/signout-oidc"
},控制器:
[HttpPost]
public async Task Logout()
{
if (User.Identity.IsAuthenticated)
{
await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
await HttpContext.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme);
}
}如果将PostLogoutRedirectUri设置为NULL,它将注销应用程序并重定向到登录页面,但是,在登录时,它不会将我带回应用程序,而是将我重定向到okta主页。
我很感激你的建议。
1条答案
按热度按时间mwg9r5ms1#
我从来没有使用过OKTA API,但出于好奇,查看了API文档。据我所知,可能您的appsettings.json的命名不正确。您有“PostLogoutRedirectUri”,而API文档显示将PostLogoutRedirectUri的json设置为“end_session_redirect_uri”
同时声明...
如果不指定post_logout_redirect_uri,则浏览器将重定向到Okta登录页面
如果API端点正在查找“end_session_redirect_uri”但没有得到它,可能是因为它没有在上面的引号中指定它。
Sign users out | Okta Developer
向下滚动到...“定义注销回拨”部分。
就像我上面说的,从来没有用过奥克塔只是好奇。