PostLogoutRedirectUri callback not configurable

Bukran · June 24, 2024, 10:32am

Hi, I’m working on a .NET Core application trying to sign-out current authenticated user. This is the endpoint:

        [HttpGet("logout")]
        public IActionResult Logout([FromQuery] string redirectUri, string tenant) => SignOut(new AuthenticationProperties { RedirectUri = redirectUri },
            OpenIdConnectDefaults.AuthenticationScheme, CookieAuthenticationDefaults.AuthenticationScheme);

and this is the appropriate section in appsettings.json:

"Okta": {
  "OktaDomain": "https://dev-******.okta.com",
  "ClientId": "*****************",
  "ClientSecret": "****************************",
  "AuthorizationServerId": "default",
  "Scope": [ "openid", "profile", "email" ],
  "CallbackPath": "/api/okta/authorization-code/callback",
  "PostLogoutRedirectUri": "/api/okta/signout/callback"
}

but the SDK insists on redirecting to something like https://dev-******.okta.com/oauth2/default/v1/logout?post_logout_redirect_uri=https%3A%2F%2Flocalhost%3A5005%2Fsignout%2Fcallback&…

It’s redirecting to ‘localhost:5005/signout/callback’ and deliberately ignoring PostLogoutRedirectUri property. I’ve checked question 13797 in the forum but I’m still unable to get it to work.

Any clue would be much appreciated.

Bukran · September 16, 2024, 5:31am

This post was replied on July, the 13th by some florence023 who I haven’t been able to track back to say thanks. Setting RedirectUri in SignOutResult wasn’t enough.

I was finally able to resolve the problem by subscribing to OpenIdConnectEvents before calling AddOktaMvc() and overriding PostLogoutRedirectUri directly at the OppenId event.

string oktaConfigId = Environment.GetEnvironmentVariable("OKTA_CONFIGURATION") ?? "Okta";
var oktaConfig = configuration.GetSection(oktaConfigId).Get<OktaMvcOptions>();

if (oktaConfig is not null)
{
    oktaConfig.OpenIdConnectEvents = new OpenIdConnectEvents
    {
        OnRedirectToIdentityProviderForSignOut = context =>
        {
            var postLogoutUri = context.Properties.RedirectUri;
            if (string.IsNullOrEmpty(postLogoutUri))
            {
                postLogoutUri = configuration["Okta:PostLogoutRedirectUri"];
            }

            context.ProtocolMessage.PostLogoutRedirectUri = postLogoutUri;
            return Task.CompletedTask;
        }
    };

    services.AddAuthentication(options =>
    {
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie(options =>
    {
        options.Cookie.HttpOnly = true;
        options.Cookie.SameSite = SameSiteMode.None;
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
    })
    .AddOktaMvc(oktaConfig);
}

Just in case anyone gets stuck, I hope this helps.

Post		Replies	Views
Cannot set PostLogoutRedirectUri Questions	11	8957	February 12, 2024
Customization of sign-out redirect URI in .NET ASP.NET Core OAuth/OIDC	2	3047	April 6, 2024
How can the sign-out redirect URI be customized in a .NET 7.0 ASP.NET Core application? OAuth/OIDC	1	2043	February 15, 2024
Logout question Questions dotnet	5	9180	April 26, 2022
Logout Issues in Okta Questions	10	9893	February 12, 2024

PostLogoutRedirectUri callback not configurable

Related topics