/// <summary>
/// Deleting a user's server-side sessions from the session store must end that
/// user's login: the store holds no sessions for the subject afterwards and the
/// pipeline no longer reports the user as logged in.
/// </summary>
public async Task remove_server_side_session_should_logout_user()
{
    const string user = "bob";

    // NOTE(review): the logged-in state right after LoginAsync is not asserted here,
    // so a login that silently fails would still let the assertions below pass.
    await _pipeline.LoginAsync(user);

    // Remove the sessions directly in the store, without going through a logout endpoint.
    await _sessionStore.DeleteSessionsAsync(new SessionFilter { SubjectId = user });

    var remainingSessions = await _sessionStore.GetSessionsAsync(new SessionFilter { SubjectId = user });
    remainingSessions.Should().BeEmpty();

    // The check that matters for security: the existing login must stop being honoured.
    var stillLoggedIn = await IsLoggedIn();
    stillLoggedIn.Should().BeFalse();
}
/// <inheritdoc/>
/// <remarks>
/// Runs up to three steps in a fixed order, each gated by a flag on <paramref name="context"/>:
/// persisted grants are removed, back-channel logout notifications are sent for every
/// matching server-side session, and the matching server-side sessions are deleted.
/// The notification step loads the sessions it notifies for and runs before the deletion step.
/// Grant removal and notifications are narrowed by <c>context.ClientIds</c> when it is set;
/// session deletion is filtered by subject and session id only.
/// </remarks>
public async Task RemoveSessionsAsync(RemoveSessionsContext context, CancellationToken cancellationToken = default)
{
    // NOTE(review): when context.SubjectId and context.SessionId are both null, the filters
    // built below carry no subject/session criteria. Whether the stores reject such a filter
    // is not visible here - confirm before exposing this to callers that forward external input.
    SessionFilter MatchingSessions() => new SessionFilter
    {
        SubjectId = context.SubjectId,
        SessionId = context.SessionId,
    };

    var revokeTokens = context.RevokeTokens;
    var revokeConsents = context.RevokeConsents;

    // Step 1: remove persisted grants (tokens and/or consents).
    if (revokeTokens || revokeConsents)
    {
        var grants = new PersistedGrantFilter
        {
            SubjectId = context.SubjectId,
            SessionId = context.SessionId,
        };

        if (context.ClientIds != null)
        {
            grants.ClientIds = context.ClientIds;
        }

        // Exactly one flag set: restrict the grant type. Both set: no type restriction,
        // so every grant matching the subject/session/client criteria is removed.
        if (revokeConsents && !revokeTokens)
        {
            grants.Type = IdentityServerConstants.PersistedGrantTypes.UserConsent;
        }
        else if (revokeTokens && !revokeConsents)
        {
            grants.Types = OnlyTokenTypes;
        }

        // NOTE(review): cancellationToken is not passed to this call, while the session calls
        // below do receive it. If one of those aborts on cancellation, grants are already
        // removed while the server-side session is still present.
        await _persistedGrantStore.RemoveAllAsync(grants);
    }

    // Step 2: back-channel single logout.
    if (context.SendBackchannelLogoutNotification)
    {
        // A subject can have several sessions, so every match is loaded and notified.
        var sessions = await _serverSideTicketService.GetSessionsAsync(MatchingSessions(), cancellationToken);

        foreach (var session in sessions)
        {
            var notification = new LogoutNotificationContext
            {
                SubjectId = session.SubjectId,
                SessionId = session.SessionId,
                Issuer = session.Issuer,
                // Only notify the session's clients that the caller asked for (all of them when unset).
                ClientIds = session.ClientIds.Where(
                    clientId => context.ClientIds == null || context.ClientIds.Contains(clientId))
            };

            // NOTE(review): nothing here catches exceptions, so one escaping this call skips
            // the remaining sessions and the session deletion below. Confirm the logout
            // service does not throw when a client endpoint is unreachable.
            await _backChannelLogoutService.SendLogoutNotificationsAsync(notification);
        }
    }

    // Step 3: delete the server-side sessions, which invalidates the cookies that refer to them.
    // The filter has no client criteria, so the whole session goes even when ClientIds is set.
    if (context.RemoveServerSideSession)
    {
        await _serverSideSessionStore.DeleteSessionsAsync(MatchingSessions(), cancellationToken);
    }
}