Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Infer sign out scheme when using external identity providers and asp.net identity #1265

Merged
merged 2 commits into from
Sep 7, 2023
Merged

Infer sign out scheme when using external identity providers and asp.net identity #1265

merged 2 commits into from
Sep 7, 2023

Conversation

okhara
Copy link
Contributor

@okhara okhara commented May 2, 2023
edited
Loading

Redirecting back to client application after logging out from the external identity provider

User is not redirected back to the client application from external identity provider, when identity server is configured for asp.net identity.

Link to the Issue

After some debugging of the duende and Microsoft sources, I've discovered that the reason for the redirection problem is the absence of id token. SignOutScheme which is used to retrieve id token from the user is set to default value, but default authentication scheme after configuring identity server for asp.net identity is changed to Application.Identity.

@okhara okhara mentioned this pull request Aug 31, 2023
Closed
@brockallen brockallen added this to the 7.0 milestone Jul 17, 2023
josephdecock
josephdecock reviewed Aug 11, 2023
View reviewed changes
src/AspNetIdentity/PostConfigureIdentityServerOptions.cs
// Identity's cookie at sign out time. If the sign out scheme is explicitly
// set, then we don't override that though.

if (DefaultAuthSchemeIsAspNetIdentity() &&
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This logic has been refactored a bit to make the intentions clearer

src/IdentityServer/Configuration/DependencyInjection/Options/DynamicProviderOptions.cs
/// <summary>
/// Gets a value indicating if the SignOutScheme was set explicitly, either by application logic or by options binding.
/// </summary>
public bool SignOutSchemeSetExplicitly { get => _signOutScheme != null; }
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The options class now understands if the sign out scheme has actually been set. We use that in our configuration so that we don't override a user who is trying to set the scheme explicitly.

@josephdecock
Copy link
Member

@brockallen I've made some changes to this PR, would you take a look and review please?

@brockallen brockallen added enhancement New feature or request and removed investigating labels Sep 7, 2023
@brockallen brockallen merged commit 219d344 into DuendeSoftware:main Sep 7, 2023
5 checks passed
@josephdecock josephdecock changed the title Add post configuration of identity server options Infer the correct sign out scheme when using external identity providers and asp.net identity Nov 10, 2023
@josephdecock josephdecock changed the title Infer the correct sign out scheme when using external identity providers and asp.net identity Infer sign out scheme when using external identity providers and asp.net identity Nov 10, 2023
@josephdecock josephdecock mentioned this pull request Nov 13, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@josephdecock josephdecock josephdecock left review comments

@brockallen brockallen brockallen approved these changes

Assignees

@josephdecock josephdecock

Labels
enhancement New feature or request release notes done
Projects
None yet
Milestone
7.0.0
Development

Successfully merging this pull request may close these issues.
3 participants
@okhara @josephdecock @brockallen