If savetokens
is set to false
the PostLogoutRedirectUris
is not working. What is the relation between these two? I use identityserver4 1.1 with asp.net core 1.1
app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
{
RequireHttpsMetadata = false,
ClientId = "openIdConnectClient",
AuthenticationScheme = "oidc",
Authority = "https://localhost:44309/",
SignInScheme = "Cookies",
Scope = { "email" },
SaveTokens = true
});
new Client
{
ClientId = "openIdConnectClient",
ClientName = "Example Implicit Client Application",
AllowedGrantTypes = GrantTypes.Implicit,
AllowedScopes = new List<string>
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.Email,
},
RedirectUris = new List<string>
{
"https://localhost:44378/signin-oidc"
},
PostLogoutRedirectUris = new List<string>
{
"https://localhost:44378/signout-callback-oidc"
},
}
If you check the logout spec
https://openid.net/specs/openid-connect-session-1_0.html#RedirectionAfterLogout
you will find out, that the id_token is required at logout time to be able to redirect back to the client application.
SaveTokens
does this exactly for you - it stores the token in the cookie and send it back to the OP at logout time.