PostLogoutRedirectUri callback not configurable

Hi, I’m working on a .NET Core application and trying to sign out the currently authenticated user. This is the endpoint:

        [HttpGet("logout")]
        public IActionResult Logout([FromQuery] string redirectUri, string tenant) => SignOut(new AuthenticationProperties { RedirectUri = redirectUri },
            OpenIdConnectDefaults.AuthenticationScheme, CookieAuthenticationDefaults.AuthenticationScheme);

and this is the appropriate section in appsettings.json:

"Okta": {
  "OktaDomain": "https://dev-******.okta.com",
  "ClientId": "*****************",
  "ClientSecret": "****************************",
  "AuthorizationServerId": "default",
  "Scope": [ "openid", "profile", "email" ],
  "CallbackPath": "/api/okta/authorization-code/callback",
  "PostLogoutRedirectUri": "/api/okta/signout/callback"
}

but the SDK insists on redirecting to something like https://dev-******.okta.com/oauth2/default/v1/logout?post_logout_redirect_uri=https%3A%2F%2Flocalhost%3A5005%2Fsignout%2Fcallback&…

It’s redirecting to ‘localhost:5005/signout/callback’ and deliberately ignoring the PostLogoutRedirectUri property. I’ve checked question 13797 in the forum but I’m still unable to get it to work.

Any clue would be much appreciated.

This post was replied to on July 13th by some florence023, whom I haven’t been able to track down to say thanks. Setting RedirectUri in SignOutResult wasn’t enough.

I was finally able to resolve the problem by subscribing to OpenIdConnectEvents before calling AddOktaMvc() and overriding PostLogoutRedirectUri directly in the OpenId event.

string oktaConfigId = Environment.GetEnvironmentVariable("OKTA_CONFIGURATION") ?? "Okta";
var oktaConfig = configuration.GetSection(oktaConfigId).Get<OktaMvcOptions>();

if (oktaConfig is not null)
{
    oktaConfig.OpenIdConnectEvents = new OpenIdConnectEvents
    {
        OnRedirectToIdentityProviderForSignOut = context =>
        {
            var postLogoutUri = context.Properties.RedirectUri;
            if (string.IsNullOrEmpty(postLogoutUri))
            {
                postLogoutUri = configuration["Okta:PostLogoutRedirectUri"];
            }

            context.ProtocolMessage.PostLogoutRedirectUri = postLogoutUri;
            return Task.CompletedTask;
        }
    };

    services.AddAuthentication(options =>
    {
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie(options =>
    {
        options.Cookie.HttpOnly = true;
        options.Cookie.SameSite = SameSiteMode.None;
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
    })
    .AddOktaMvc(oktaConfig);
}

Just in case anyone gets stuck, I hope this helps.

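The handler above copies context.Properties.RedirectUri, which the Logout endpoint fills from the redirectUri query parameter, straight into the logout request. The following added example (not from the original posts or the Okta SDK) accepts that value only on an exact match against an allowlist and otherwise falls back to the configured path; PostLogoutRedirectGuard and the allowlist entry are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;

// Added example, not Okta SDK code. The class name and the allowlist
// entry are hypothetical; use the sign-out URIs registered for your app.
public static class PostLogoutRedirectGuard
{
    // Constructed sample allowlist of absolute post-logout targets.
    private static readonly HashSet<string> Allowed = new(StringComparer.Ordinal)
    {
        "https://localhost:5005/api/okta/signout/callback",
    };

    // Returns the candidate (query and fragment stripped) only when it is an
    // absolute https URI, carries no userinfo, and matches the allowlist
    // exactly; otherwise returns the fallback.
    public static string Resolve(string? candidate, string fallback)
    {
        if (Uri.TryCreate(candidate, UriKind.Absolute, out var uri)
            && uri.Scheme == Uri.UriSchemeHttps   // also rejects "/path" parsed as file:// on Unix
            && string.IsNullOrEmpty(uri.UserInfo)
            && Allowed.Contains(uri.GetLeftPart(UriPartial.Path)))
        {
            return uri.GetLeftPart(UriPartial.Path);
        }
        return fallback;
    }

    // Wire up with:
    //   OnRedirectToIdentityProviderForSignOut = ctx =>
    //       PostLogoutRedirectGuard.OnSignOut(ctx, configuration["Okta:PostLogoutRedirectUri"]!)
    public static Task OnSignOut(RedirectContext context, string configuredPath)
    {
        // Turn the configured relative path into an absolute URI for this host.
        var request = context.Request;
        var fallback = $"{request.Scheme}://{request.Host}{request.PathBase}{configuredPath}";

        context.ProtocolMessage.PostLogoutRedirectUri =
            Resolve(context.Properties.RedirectUri, fallback);
        return Task.CompletedTask;
    }
}
```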