c# xamarin.forms oauth-2.0 identityserver4

Logging out from IdentityServer quietly?


I'm using OAuth2 from an IdentityServer 4 instance. Based on this example, I'm able to log in and call an API hosted by the server.

How would I perform a logout from OidcClient without showing a webview prompting the user to confirm the logout?

At present, I'm using the following code to log out, but the library still displays a webview with a logout prompt. I'd ideally want to just process the logout without showing any additional popups:

await _client.LogoutAsync(
    new LogoutRequest {
        BrowserDisplayMode = DisplayMode.Hidden,
    });

Solution

  • The LogoutRequest contains an IdTokenHint property for this. If you want to disable the logout-prompt, you'll need to set this as the id_token for the current user. See the OIDC spec for this here:

    id_token_hint

    RECOMMENDED. Previously issued ID Token passed to the logout endpoint as a hint about the End-User's current authenticated session with the Client. This is used as an indication of the identity of the End-User that the RP is requesting be logged out by the OP. The OP need not be listed as an audience of the ID Token when it is used as an id_token_hint value.

    By providing the id_token with this request, the authority can be sure that the signout request itself is authentic and therefore deem that there is no need to prompt the user.

    If you don't have the id_token, you'll need to request it when first authorising the user and then hold on to it for later use.
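
The flow the answer describes, as an added example that is not part of the original question or answer: the id_token is kept at login and sent back as `IdTokenHint` at logout. The `SessionService` class and the storage key are hypothetical, and storing the token with Xamarin.Essentials `SecureStorage` is an assumption about the app.

```csharp
using System.Threading.Tasks;
using IdentityModel.OidcClient;
using IdentityModel.OidcClient.Browser;
using Xamarin.Essentials;

// Hypothetical wrapper around an already configured OidcClient.
public class SessionService
{
    private const string IdTokenKey = "oidc_id_token"; // assumed storage key
    private readonly OidcClient _client;

    public SessionService(OidcClient client) => _client = client;

    public async Task<bool> LoginAsync()
    {
        var result = await _client.LoginAsync(new LoginRequest());
        if (result.IsError)
            return false;

        // Keep the raw id_token so it can be presented as id_token_hint later.
        // SecureStorage uses the platform keystore rather than plain preferences.
        await SecureStorage.SetAsync(IdTokenKey, result.IdentityToken);
        return true;
    }

    public async Task<bool> LogoutAsync()
    {
        // GetAsync returns null when nothing was stored; without the hint the
        // server has no proof of who is signing out and may show its prompt.
        string idToken = await SecureStorage.GetAsync(IdTokenKey);

        var result = await _client.LogoutAsync(new LogoutRequest
        {
            BrowserDisplayMode = DisplayMode.Hidden,
            IdTokenHint = idToken
        });

        // Remove the local copy whether or not the server call succeeded,
        // so a stale token is not left on the device.
        SecureStorage.Remove(IdTokenKey);
        return !result.IsError;
    }
}
```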