Is there any relation between SaveTokens and PostLogoutRedirectUris?
If SaveTokens is set to false, PostLogoutRedirectUris does not work. What is the relation between these two? I am using identityserver4 1.1 with asp.net core 1.1.
    // Client application: OpenID Connect middleware registration
    app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
    {
        RequireHttpsMetadata = false,
        ClientId = "openIdConnectClient",
        AuthenticationScheme = "oidc",
        Authority = "https://localhost:44309/",
        SignInScheme = "Cookies",
        Scope = { "email" },
        SaveTokens = true
    });

    // IdentityServer: registration of the same client
    new Client
    {
        ClientId = "openIdConnectClient",
        ClientName = "Example Implicit Client Application",
        AllowedGrantTypes = GrantTypes.Implicit,
        AllowedScopes = new List<string>
        {
            IdentityServerConstants.StandardScopes.OpenId,
            IdentityServerConstants.StandardScopes.Profile,
            IdentityServerConstants.StandardScopes.Email,
        },
        RedirectUris = new List<string>
        {
            "https://localhost:44378/signin-oidc"
        },
        PostLogoutRedirectUris = new List<string>
        {
            "https://localhost:44378/signout-callback-oidc"
        },
    }
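If you check the logout spec (https://openid.net/specs/openid-connect-session-1_0.html#RedirectionAfterLogout), you will find that the id_token is required at logout in order to redirect back to the client application.
SaveTokens does exactly that for you - it stores the tokens in the cookie and sends it back to the OP at logout.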
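
The relation described in the answer, modelled from the OP's side as an added example (not code from the original post and not IdentityServer4 source): the OP redirects after logout only when the id_token_hint identifies a client and the requested URI is one of that client's registered PostLogoutRedirectUris. The names EndSessionModel, ClientFromHint and ResolveRedirect, the "aud:<clientId>" token stand-in and the other.example URI are hypothetical, constructed for illustration.

```csharp
using System;
using System.Collections.Generic;

// Simplified model of the decision an OP makes at its end-session endpoint.
static class EndSessionModel
{
    // Registered clients and their post-logout URIs (values from the question's Client config).
    static readonly Dictionary<string, HashSet<string>> Registered =
        new Dictionary<string, HashSet<string>>
        {
            ["openIdConnectClient"] = new HashSet<string>(StringComparer.Ordinal)
            {
                "https://localhost:44378/signout-callback-oidc"
            }
        };

    // Stand-in for id_token validation. A real OP verifies the token's signature
    // and reads the client from its "aud" claim; here a constructed hint is "aud:<clientId>".
    static string ClientFromHint(string idTokenHint) =>
        idTokenHint != null && idTokenHint.StartsWith("aud:", StringComparison.Ordinal)
            ? idTokenHint.Substring(4)
            : null;

    // Returns the URI to redirect to, or null to stay on the OP's own logged-out page.
    public static string ResolveRedirect(string idTokenHint, string postLogoutRedirectUri)
    {
        var clientId = ClientFromHint(idTokenHint);
        if (clientId == null) return null;   // no hint: the OP cannot tell which client is asking

        HashSet<string> allowed;
        if (!Registered.TryGetValue(clientId, out allowed)) return null;

        // Exact match against the registration keeps logout from becoming an open redirect.
        return allowed.Contains(postLogoutRedirectUri) ? postLogoutRedirectUri : null;
    }

    static void Main()
    {
        const string uri = "https://localhost:44378/signout-callback-oidc";
        // SaveTokens = false: the middleware has no stored id_token to send as a hint.
        Console.WriteLine(ResolveRedirect(null, uri) ?? "(no redirect)");
        // SaveTokens = true: the stored id_token is sent back as id_token_hint.
        Console.WriteLine(ResolveRedirect("aud:openIdConnectClient", uri) ?? "(no redirect)");
        // Hint present, but the target is not registered for that client.
        Console.WriteLine(ResolveRedirect("aud:openIdConnectClient", "https://other.example/cb") ?? "(no redirect)");
    }
}
```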