EdBrinkman-1115 asked JamesTran-MSFT edited

Cannot log out from OWIN external identity provider via PKCE

I have been unable to log out from an OWIN external identity provider. Either the user is not completely logged out or the website goes into an infinite loop of redirects. I am changing an existing ASP.NET MVC 4 website. I am not using Azure Active Directory. I am working with ForgeRock. I am open to ideas. I am required to use PKCE. The PKCE works in the OWIN startup file. It does not work in the LoginController. HTTP 400 bad request is returned when calling /connect/endSession without a code_verifier due to PKCE being turned on. My problem is that I cannot get the code verifier in the LoginController method that calls the endSession endpoint. The startup class is not executed at all. The PKCE code is all in the startup.cs file. I do not know how to get the code verifier outside the Startup class file. My PKCE code came from the post at https://www.scottbrady91.com/ASPNET/Refreshing-your-Legacy-ASPNET-IdentityServer-Client-Applications

One attempt with the below code to log out. The redirect after logout causes an infinite loop of redirects. The login page never displays.

    if (HttpContext.User.Identity.IsAuthenticated)
    {
        HttpContext.GetOwinContext().Authentication.SignOut("Cookies");
        HttpContext.GetOwinContext().Authentication.SignOut("oidc");
    }
    return RedirectToAction("Index", "Home");

Another attempt with the below code does not completely log out the user. The login page never displays. The user can still access the website.

    HttpContext.GetOwinContext()
        .Authentication
        .SignOut(CookieAuthenticationDefaults.AuthenticationType);

dotnet-aspnet-mvc

0 Answers