
Is there any relation between SaveTokens and PostLogoutRedirectUris?


If SaveTokens is set to false, PostLogoutRedirectUris does not work. What is the relation between these two? I use IdentityServer4 1.1 with ASP.NET Core 1.1.

app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
{
    RequireHttpsMetadata = false,
    ClientId = "openIdConnectClient",
    AuthenticationScheme = "oidc",
    Authority = "https://localhost:44309/",
    SignInScheme = "Cookies",
    Scope = { "email" },
    SaveTokens = true
});


new Client
{
    ClientId = "openIdConnectClient",
    ClientName = "Example Implicit Client Application",
    AllowedGrantTypes = GrantTypes.Implicit,
    AllowedScopes = new List<string>
    {
        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile,
        IdentityServerConstants.StandardScopes.Email,
    },
    RedirectUris = new List<string>
    {
        "https://localhost:44378/signin-oidc"
    },
    PostLogoutRedirectUris = new List<string>
    {
        "https://localhost:44378/signout-callback-oidc"
    },
}

Solution

  • If you check the logout spec

    https://openid.net/specs/openid-connect-session-1_0.html#RedirectionAfterLogout

    you will find out that the id_token is required at logout time to be able to redirect back to the client application.

    SaveTokens does exactly this for you: it stores the token in the cookie and sends it back to the OP at logout time.
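
The behaviour described in the answer, as an added example that is not part of the original answer and is not IdentityServer4's own code: a simplified console model of how an OP decides whether to honour `post_logout_redirect_uri`, following the answer's point that the id_token is what lets the OP redirect back to the client. `EndSessionModel`, `ResolveRedirect` and the sample token are hypothetical, and the model assumes the token's signature has already been verified.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Text.Json;

static class EndSessionModel
{
    // Registered post-logout URIs per client (values from the question's Client config).
    static readonly Dictionary<string, string[]> Clients = new Dictionary<string, string[]>
    {
        ["openIdConnectClient"] = new[] { "https://localhost:44378/signout-callback-oidc" }
    };
    static string B64Url(string s) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(s)).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    static string FromB64Url(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        s = s.PadRight(s.Length + (4 - s.Length % 4) % 4, '=');
        return Encoding.UTF8.GetString(Convert.FromBase64String(s));
    }

    // OP side: the URI to redirect to, or null to stay on the OP's logged-out page.
    static string ResolveRedirect(string idTokenHint, string postLogoutRedirectUri)
    {
        if (idTokenHint == null) return null;            // no hint: client unknown, URI ignored
        var parts = idTokenHint.Split('.');
        if (parts.Length != 3) return null;
        try
        {
            // ASSUMPTION: the signature was already verified; a real OP must do that first.
            using var doc = JsonDocument.Parse(FromB64Url(parts[1]));
            if (!doc.RootElement.TryGetProperty("aud", out var aud) || aud.ValueKind != JsonValueKind.String) return null;
            return Clients.TryGetValue(aud.GetString(), out var allowed)
                && Array.IndexOf(allowed, postLogoutRedirectUri) >= 0 ? postLogoutRedirectUri : null;
        }
        catch (Exception e) when (e is FormatException || e is JsonException) { return null; }
    }

    static void Main()
    {
        // Constructed sample token; "sig" is a placeholder, not a real signature.
        var idToken = B64Url("{\"alg\":\"RS256\"}") + "." + B64Url("{\"aud\":\"openIdConnectClient\"}") + ".sig";
        var uri = "https://localhost:44378/signout-callback-oidc";
        Console.WriteLine(ResolveRedirect(idToken, uri) ?? "(no redirect)");                      // SaveTokens = true
        Console.WriteLine(ResolveRedirect(null, uri) ?? "(no redirect)");                         // SaveTokens = false
        Console.WriteLine(ResolveRedirect(idToken, "https://other.example/") ?? "(no redirect)"); // unregistered URI
    }
}
```

The exact-match check against the registered list is what keeps the logout endpoint from acting as an open redirector, which is why the OP needs to know which client is asking.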