/// <summary> /// Called before the LogoutEndpoint endpoint redirects its response to the caller. /// If the web application wishes to produce the authorization response directly in the LogoutEndpoint call it may write to the /// context.Response directly and should call context.RequestCompleted to stop other handlers from executing. /// This call may also be used to add additional response parameters to the authorization response. /// </summary> /// <param name="context">The context of the event carries information in and results out.</param> /// <returns>Task to enable asynchronous execution</returns> public virtual Task LogoutEndpointResponse(LogoutEndpointResponseContext context) => OnLogoutEndpointResponse(context);
protected override async Task HandleSignOutAsync(SignOutContext context) { // request may be null when no logout request has been received // or has been already handled by InvokeLogoutEndpointAsync. var request = Context.GetOpenIdConnectRequest(); if (request == null) { return; } // Stop processing the request if there's no signout context that matches // the authentication type associated with this middleware instance // or if the response status code doesn't indicate a successful response. if (context == null || Response.StatusCode != 200) { return; } if (Response.HasStarted) { Logger.LogCritical( "OpenIdConnectServerHandler.TeardownCoreAsync cannot be called when " + "the response headers have already been sent back to the user agent. " + "Make sure the response body has not been altered and that no middleware " + "has attempted to write to the response stream during this request."); return; } // post_logout_redirect_uri is added to the response message since it can be // set or replaced from the ValidateClientLogoutRedirectUri event. var response = new OpenIdConnectMessage { PostLogoutRedirectUri = request.PostLogoutRedirectUri, State = request.State }; var notification = new LogoutEndpointResponseContext(Context, Options, request, response); await Options.Provider.LogoutEndpointResponse(notification); if (notification.HandledResponse) { return; } // Stop processing the request if no explicit // post_logout_redirect_uri has been provided. if (string.IsNullOrEmpty(response.PostLogoutRedirectUri)) { return; } var location = response.PostLogoutRedirectUri; foreach (var parameter in response.Parameters) { // Don't include post_logout_redirect_uri in the query string. if (string.Equals(parameter.Key, OpenIdConnectParameterNames.PostLogoutRedirectUri, StringComparison.Ordinal)) { continue; } location = QueryHelpers.AddQueryString(location, parameter.Key, parameter.Value); } Response.Redirect(location); }
/// <summary> /// Called before the LogoutEndpoint endpoint redirects its response to the caller. /// If the web application wishes to produce the authorization response directly in the LogoutEndpoint call it may write to the /// context.Response directly and should call context.RequestCompleted to stop other handlers from executing. /// This call may also be used to add additional response parameters to the authorization response. /// </summary> /// <param name="context">The context of the event carries information in and results out.</param> /// <returns>Task to enable asynchronous execution</returns> public virtual Task LogoutEndpointResponse(LogoutEndpointResponseContext context) => OnLogoutEndpointResponse(context);