This repository has been archived by the owner on Sep 18, 2021. It is now read-only.

post_logout_redirect_uri in implicit client #699

Closed
stevenfirstrowinc opened this issue Dec 31, 2014 · 7 comments

@stevenfirstrowinc

Hi,

I'm not having much luck getting my post_logout_redirect_uri to work in my implicit client application. The url differs from the main application (different domain), but I don't see why it wouldn't work. Here are the relevant details.

client's config

PostLogoutRedirectUris = new List<string>
{
    "https://www.microsoft.com"
},

javascript logout function on the client

$window.location = "https://localhost:44310/identity/logout?id=" + response.id_token + "&post_logout_redirect_uri=https://www.codysoft.net"

nothing in the trace log of id srv
iisexpress.exe Information: 0 : [Thinktecture.IdentityServer.Core.Endpoints.AuthenticationController]: 12/31/2014 1:31:39 AM -- Logout prompt for subject: raall
iisexpress.exe Information: 0 : [Thinktecture.IdentityServer.Core.Endpoints.AuthenticationController]: 12/31/2014 1:31:41 AM -- Logout requested for subject: raall
iisexpress.exe Information: 0 : [Thinktecture.IdentityServer.Core.Endpoints.AuthenticationController]: 12/31/2014 1:31:41 AM -- rendering logged out page
iisexpress.exe Information: 0 : [Thinktecture.IdentityServer.Core.Endpoints.EndSessionController]: 12/31/2014 1:31:42 AM -- End session callback requested

I have tried
id=" + response.id_token
id_token=" + response.id_token
id_token_hint=" + response.id_token

@brockallen
Member

The spec says you should pass id_token_hint and post_logout_redirect_uri.

http://openid.net/specs/openid-connect-session-1_0.html

The sample that uses the TokenManager works:

https://github.com/thinktecture/Thinktecture.IdentityServer.v3.Samples/tree/master/source/OAuthJS

Perhaps trace the HTTP traffic there to see what's different.

@stevenfirstrowinc
Author

I looked at this sample and ran it. When I click on the "Logout of Identity Server" button, I get sent to IdSrv where I'm asked if I want to logout. I click yes, but I am still not redirected back. I do get a link at the bottom that allows me to get back to where I came from, but I don't get redirected.


Is this expected behavior instead of automatically redirecting?

@iltera

iltera commented Dec 31, 2014

Yeah, that's the default behaviour. I haven't given a thought about that before, but I guess an automatic redirect (as an optional setting) wouldn't hurt much.

Or, that is our responsibility with custom views?


@stevenfirstrowinc
Author

I guess my preference (based on what I'm doing right now) would be the auto redirect, but I can see where that might cause issues for others. For my part there's not much to see after they've logged out so I'd rather send them to where the client app wants them.

That being said, as long as it's working as it should, I can work with it.

@brockallen
Member

I don't think we'll allow auto redirects -- the reason is that it's possible that there are iframes being loaded on the page to trigger logouts to other places. If you auto redirect then those iframes might not load the pages they need to load and you won't get proper single signout.

@stevenfirstrowinc
Author

@brockallen I can live with that or do as @iltera suggests and create my own view.

As to my original problem, the problem is that I have a url that points to

https://localhost:44310/identity/logout

whereas the OAuthJs sample uses

https://localhost:44333/core/connect/endsession

I get that the second url is coming from the discovery document, but why does "logout" work?

@leastprivilege
Member

If logout does anything - it's rather a bug.

You need to use the endpoint advertised in the discovery document.
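
An added example, not code from the thread or from the IdentityServer project: a client-side helper that builds the logout request the replies describe, taking the endpoint from the discovery document's `end_session_endpoint` and sending `id_token_hint` plus a URL-encoded `post_logout_redirect_uri`. The function name, the sample discovery object, the client-side copy of the registered URIs and the exact-match comparison are assumptions made for illustration.

```javascript
// Constructed sample: the subset of a discovery document this helper needs.
const sampleDiscovery = {
  issuer: "https://localhost:44333/core",
  end_session_endpoint: "https://localhost:44333/core/connect/endsession"
};

// Hypothetical client-side copy of the client's PostLogoutRedirectUris.
// The server remains the authority; this only catches mismatches early.
const registeredPostLogoutUris = ["https://www.microsoft.com"];

function buildEndSessionUrl(discovery, idToken, postLogoutRedirectUri, registeredUris) {
  // Use the advertised endpoint, never a hand-built path such as /logout.
  if (!discovery || !discovery.end_session_endpoint) {
    throw new Error("discovery document has no end_session_endpoint");
  }
  if (!idToken) {
    throw new Error("an id_token is required for id_token_hint");
  }
  // OpenID Connect requires the redirect target to be pre-registered.
  // Exact string comparison is assumed here.
  if (!registeredUris.includes(postLogoutRedirectUri)) {
    throw new Error(
      "post_logout_redirect_uri is not registered: " + postLogoutRedirectUri
    );
  }
  const url = new URL(discovery.end_session_endpoint);
  // searchParams.set() percent-encodes the values, so the nested URL
  // cannot be misread as extra query parameters of the logout request.
  url.searchParams.set("id_token_hint", idToken);
  url.searchParams.set("post_logout_redirect_uri", postLogoutRedirectUri);
  return url.toString();
}

// Constructed token value; a real id_token is a signed JWT.
const logoutUrl = buildEndSessionUrl(
  sampleDiscovery, "abc.def.ghi",
  "https://www.microsoft.com", registeredPostLogoutUris
);
console.log(logoutUrl);
```

With the values from the original post, the registered URI (`https://www.microsoft.com`) and the requested one (`https://www.codysoft.net`) differ, so this helper throws before any request is sent.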
