/// <summary>
        /// Finalizes a logout response: evicts the cached logout request, hands error rendering
        /// to the status code pages middleware when applicable, and otherwise publishes the
        /// <c>OpenIddictServerEvents.ApplyLogoutResponse</c> event.
        /// </summary>
        /// <param name="context">
        /// The logout response context. Its <c>Request</c> may be null when the failure
        /// occurred very early in the pipeline.
        /// </param>
        /// <returns>A task that completes once this handler has finished processing the response.</returns>
        public override async Task ApplyLogoutResponse([NotNull] ApplyLogoutResponseContext context)
        {
            var serverOptions = (OpenIddictServerOptions)context.Options;

            // The request attached to the context can be null at this stage when an error occurred
            // very early in the pipeline (e.g. the caller used an invalid HTTP verb), which is why
            // the request identifier is read through the null-conditional operator.
            if (serverOptions.EnableRequestCaching)
            {
                var requestId = context.Request?.RequestId;
                if (!string.IsNullOrEmpty(requestId))
                {
                    // The key always starts with the logout-request marker, so the removal cannot
                    // collide with the other kinds of cached requests.
                    // NOTE(review): requestId presumably originates from the caller's request; the
                    // fixed prefix is what keeps the eviction scoped to logout entries - confirm.
                    var cacheKey = OpenIddictConstants.Environment.LogoutRequest + requestId;

                    // This handler runs for successful and errored responses alike. No distinction
                    // is made because the cached logout request has to be removed in both cases.
                    await serverOptions.Cache.RemoveAsync(cacheKey);
                }
            }

            // Error rendering is only delegated when the application does not display errors itself,
            // an error is present and there is no post-logout redirect URI to return it to.
            var delegateErrorRendering = !serverOptions.ApplicationCanDisplayErrors &&
                                         !string.IsNullOrEmpty(context.Error) &&
                                         string.IsNullOrEmpty(context.PostLogoutRedirectUri);

            if (delegateErrorRendering)
            {
                // Look up the status code pages middleware for this request. When it is not registered
                // or not enabled, fall through and let the OpenID Connect server middleware render
                // its default error page.
                var statusCodePages = context.HttpContext.Features.Get<IStatusCodePagesFeature>();
                if (statusCodePages?.Enabled == true)
                {
                    // Swap the default status code for a 400 response.
                    context.HttpContext.Response.StatusCode = 400;

                    // Flag the request as fully handled so the OpenID Connect server middleware does not
                    // show its default error page and the status code pages middleware can rewrite the
                    // response with the logic the developer registered.
                    context.HandleResponse();

                    // The event below is not published on this path.
                    return;
                }
            }

            await _eventService.PublishAsync(new OpenIddictServerEvents.ApplyLogoutResponse(context));
        }
Пример #2
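        /// <summary>
        /// Finalizes a logout response: evicts the cached logout request and, for errors that
        /// cannot be returned to a post-logout redirect URI, hands rendering to the status code
        /// pages middleware when it is enabled.
        /// </summary>
        /// <param name="context">The logout response context.</param>
        /// <returns>A task that completes once this handler has finished processing the response.</returns>
        public override async Task ApplyLogoutResponse([NotNull] ApplyLogoutResponseContext context)
        {
            var services = context.HttpContext.RequestServices
                .GetRequiredService<OpenIddictServices<TApplication, TAuthorization, TScope, TToken>>();

            // Remove the logout request from the distributed cache.
            if (services.Options.EnableRequestCaching)
            {
                // NOTE(review): the request is read null-conditionally because it can presumably be
                // null when the pipeline failed before a logout request was extracted (e.g. an
                // invalid HTTP verb); dereferencing it directly would then surface as an unhandled
                // NullReferenceException instead of the intended error response - confirm.
                var requestId = context.Request?.RequestId;
                if (!string.IsNullOrEmpty(requestId))
                {
                    // The key always starts with the logout-request marker, so the removal cannot
                    // collide with the other kinds of cached requests.
                    var cacheKey = OpenIddictConstants.Environment.LogoutRequest + requestId;

                    // This handler runs for successful and errored responses alike. No distinction
                    // is made because the cached logout request has to be removed in both cases.
                    await services.Options.Cache.RemoveAsync(cacheKey);
                }
            }

            // Error rendering is only delegated when the application does not display errors itself,
            // an error is present and there is no post-logout redirect URI to return it to.
            if (!context.Options.ApplicationCanDisplayErrors && !string.IsNullOrEmpty(context.Response.Error) &&
                string.IsNullOrEmpty(context.Response.PostLogoutRedirectUri))
            {
                // Look up the status code pages middleware for this request. When it is not registered
                // or not enabled, let the OpenID Connect server middleware render its default error page.
                var statusCodePages = context.HttpContext.Features.Get<IStatusCodePagesFeature>();
                if (statusCodePages != null && statusCodePages.Enabled)
                {
                    // Replace the default status code by a 400 response.
                    context.HttpContext.Response.StatusCode = 400;

                    // Flag the request as fully handled so the OpenID Connect server middleware does not
                    // show its default error page and the status code pages middleware can rewrite the
                    // response with the logic the developer registered.
                    context.HandleResponse();
                }
            }
        }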