Identity Server 4 - Check iframe session issue - oidc client

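I am using OIDC Client in my Angular application to authenticate against Identity Server 4. Everything works fine until I hit logout.

I have enabled monitor session (it is enabled by default) so that other browsers can detect the logout, and I can log the user out in other tabs of the same browser. When I log out from one tab, the other tab sends a silent refresh token request to the identity server and it succeeds. I want the other browsers to log out as well. If I press F5 in the other tab then yes, it is redirected to log in again. But not automatically.

Update

To sign out of other clients that share the same identity server via the front channel, you can add an iframe in your identity server to notify your clients about the logout (oidc-client.js supports front-channel logout).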

Front-channel server-side clients

To signout the user from the server-side client applications via the front-channel spec, the “logged out” page in IdentityServer must render an <iframe> to notify the clients that the user has signed out. Clients that wish to be notified must have the FrontChannelLogoutUri configuration value set. IdentityServer tracks which clients the user has signed into, and provides an API called GetLogoutContextAsync on the IIdentityServerInteractionService (details). This API returns a LogoutRequest object with a SignOutIFrameUrl property that your logged out page must render into an <iframe>.

Back-channel server-side clients

To signout the user from the server-side client applications via the back-channel spec, the SignOutIFrameUrl endpoint in IdentityServer will automatically trigger server-to-server invocation passing a signed sign-out request to the client. This means that even if there are no front-channel clients, the “logged out” page in IdentityServer must still render an <iframe> to the SignOutIFrameUrl as described above. Clients that wish to be notified must have the BackChannelLogoutUri configuration value set.

Browser-based JavaScript clients

Given how the session management specification is designed, there is nothing special in IdentityServer that you need to do to notify these clients that the user has signed out. The clients, though, must perform monitoring on the check_session_iframe, and this is implemented by the oidc-client JavaScript library.

After that, in all of your clients you can listen for the oidc-client addUserSignedOut event and trigger signoutRedirect to sign out of your client:

this._userManager.events.addUserSignedOut(() => {
  this._userManager
    .signoutRedirect()
    .then(resp => {
      console.log('Success');
    })
    .catch(err => {
      console.log(err);
    });
});

See this documentation for more details.
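
As an added example (not part of the original answer and not IdentityServer or oidc-client code), this is the comparison behind the check_session_iframe monitoring quoted above, following the OpenID Connect Session Management draft. The hex SHA-256 encoding and the sample client id, origin, cookie and salt values are assumptions.

```javascript
// Added example: the comparison an OP's check_session_iframe performs,
// per the OpenID Connect Session Management 1.0 draft.
const crypto = require('crypto');

// Assumption: hex-encoded SHA-256, as in the draft's non-normative example.
// The OP picks the hash and encoding; the client treats session_state as opaque.
function computeSessionState(clientId, origin, opBrowserState, salt) {
  const hash = crypto
    .createHash('sha256')
    .update(`${clientId} ${origin} ${opBrowserState} ${salt}`)
    .digest('hex');
  return `${hash}.${salt}`;
}

// message:        "client_id session_state", posted by the client's iframe
// senderOrigin:   event.origin of that postMessage (never taken from the message)
// opBrowserState: current value of the OP session cookie, undefined after logout
function checkSession(message, senderOrigin, opBrowserState) {
  const parts = String(message).split(' ');
  if (parts.length !== 2) return 'error';
  const [clientId, sessionState] = parts;
  const dot = sessionState.lastIndexOf('.');
  if (dot <= 0 || dot === sessionState.length - 1) return 'error';
  const salt = sessionState.slice(dot + 1);
  // Assumption: a missing cookie is reported as "changed" (user signed out).
  if (!opBrowserState) return 'changed';
  const expected = computeSessionState(clientId, senderOrigin, opBrowserState, salt);
  return expected === sessionState ? 'unchanged' : 'changed';
}

// Constructed sample values, not taken from the original page.
const CLIENT_ID = 'angular_spa';
const APP_ORIGIN = 'https://app.example';
const issued = computeSessionState(CLIENT_ID, APP_ORIGIN, 'opbs-cookie-1', 'a1b2c3');

function demo() {
  const msg = `${CLIENT_ID} ${issued}`;
  return {
    stillSignedIn: checkSession(msg, APP_ORIGIN, 'opbs-cookie-1'),
    afterLogout: checkSession(msg, APP_ORIGIN, undefined),
    newSession: checkSession(msg, APP_ORIGIN, 'opbs-cookie-2'),
    otherOrigin: checkSession(msg, 'https://other.example', 'opbs-cookie-1'),
    malformed: checkSession('no-session-state', APP_ORIGIN, 'opbs-cookie-1'),
  };
}

console.log(demo());
```

A "changed" result is what prompts oidc-client to re-query the session and, if the user is no longer signed in, raise the userSignedOut event handled above.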